Analysis Report http___192.3.141.164_mal_win32.exe

Overview

General Information

Sample Name: http___192.3.141.164_mal_win32.exe
Analysis ID: 433488
MD5: b9032e2b7b07123f625f5d9e6e4f4796
SHA1: a06bcdf6aab7fb82dad340465035549cd853e047
SHA256: 120ff2a109c01e38da86b9ce61c33906f6ddcea90a2fdf7ea3a67b08a271029c
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains method to dynamically call methods (often used by packers)
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.dragonpalcenk.com/k8n/"], "decoy": ["foxynailserie.com", "thenoyzees.com", "waterrising.xyz", "allmister.com", "theguyscave.com", "erkitap.com", "spyder-club.com", "raskrutisam.com", "giantledlights.com", "wowbeautynails.com", "youmovies.site", "abjms.com", "enso-solutions.com", "seasonalcampgroundsmn.com", "lukeprater.com", "mufasacapital.com", "idi360.com", "mask-cleaner.com", "aeruswilmde.com", "venkatlifecoach.com", "crochetandgabbana.com", "onlineshreecollection.com", "gwenythportillowightman.com", "nexuspropertycare.com", "progress.solutions", "parkerut.com", "achebones.com", "jiazhengfu.com", "chlamydiadeetz.com", "thiele-concept.com", "bayareataxattorney.com", "geopainterdecorators.com", "makemybuild.com", "headsleepinstrument.online", "finevinum.com", "alphaworkoutgear.com", "8765pk.com", "rikonchat.com", "gitchat.net", "showy1.net", "tellurideminer.com", "triliumbrewing.com", "fioriapartment.com", "salubrigems.com", "sctsmney.com", "betgobar1.com", "thomaspurcell.com", "araket.com", "parisfilmfestival.online", "treepik.com", "artemisnaturalhealing.com", "littlehouseofhoarders.com", "buyselllm.com", "levnakava.com", "mygolfbetter.com", "vinlancer.com", "beetalkmobile.press", "gocampultralightmattress.com", "direk99.net", "nivxros.com", "cbgdenver.com", "datarock.net", "docondemand.net", "smithvilletexashistory.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0xc1268:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0xc14e2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0xcd005:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0xccaf1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0xcd107:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0xcd27f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xc1efa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0xcbd6c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xc2bf3:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0xd2ca7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0xd3caa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0xcfd89:$sqlite3step: 68 34 1C 7B E1
    • 0xcfe9c:$sqlite3step: 68 34 1C 7B E1
    • 0xcfdb8:$sqlite3text: 68 38 2A 90 C5
    • 0xcfedd:$sqlite3text: 68 38 2A 90 C5
    • 0xcfdcb:$sqlite3blob: 68 53 D8 7F 8C
    • 0xcfef3:$sqlite3blob: 68 53 D8 7F 8C
    00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x17e728:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x17e9a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x18a4c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x189fb1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x18a5c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x18a73f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x17f3ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x18922c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0x1800b3:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x190167:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x19116a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x18409:$sqlite3step: 68 34 1C 7B E1
        • 0x1851c:$sqlite3step: 68 34 1C 7B E1
        • 0x18438:$sqlite3text: 68 38 2A 90 C5
        • 0x1855d:$sqlite3text: 68 38 2A 90 C5
        • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
        2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a527:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b52a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Antivirus detection for URL or domain
          Source: www.dragonpalcenk.com/k8n/, Avira URL Cloud: Label: malware
          Found malware configuration
          Source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, Malware Configuration Extractor: FormBook (configuration as listed under Malware Configuration)
          Multi AV Scanner detection for domain / URL
          Source: www.dragonpalcenk.com/k8n/, Virustotal: Detection: 6%
          Multi AV Scanner detection for submitted file
          Source: http___192.3.141.164_mal_win32.exe, Virustotal: Detection: 47%
          Source: http___192.3.141.164_mal_win32.exe, ReversingLabs: Detection: 28%
          Yara detected FormBook
          Source: Yara match, File source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sample
          Source: http___192.3.141.164_mal_win32.exe, Joe Sandbox ML: detected
          Source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: http___192.3.141.164_mal_win32.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: http___192.3.141.164_mal_win32.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: StoreApplicationReference.pdb source: http___192.3.141.164_mal_win32.exe
          Source: Binary string: wntdll.pdbUGP source: http___192.3.141.164_mal_win32.exe, 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: http___192.3.141.164_mal_win32.exe
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h, 0_2_04572810
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h, 0_2_04573F30
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h, 0_2_04573F22
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h, 0_2_04572806

          Networking:

          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.dragonpalcenk.com/k8n/
          Source: Joe Sandbox View, ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651915151.0000000002531000.00000004.00000001.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmp, String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651503963.00000000008FB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00419D60 NtCreateFile,2_2_00419D60
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00419E10 NtReadFile,2_2_00419E10
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00419E90 NtClose,2_2_00419E90
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00419F40 NtAllocateVirtualMemory,2_2_00419F40
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00419D5B NtCreateFile,2_2_00419D5B
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00419E0A NtReadFile,2_2_00419E0A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00419F3A NtAllocateVirtualMemory,2_2_00419F3A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699860 NtQuerySystemInformation,LdrInitializeThunk,2_2_01699860
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_01699660
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016996E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_016996E0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699950 NtQueueApcThread,2_2_01699950
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699910 NtAdjustPrivilegesToken,2_2_01699910
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016999D0 NtCreateProcessEx,2_2_016999D0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016999A0 NtCreateSection,2_2_016999A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0169B040 NtSuspendThread,2_2_0169B040
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699840 NtDelayExecution,2_2_01699840
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699820 NtEnumerateKey,2_2_01699820
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016998F0 NtReadVirtualMemory,2_2_016998F0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016998A0 NtWriteVirtualMemory,2_2_016998A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699B00 NtSetValueKey,2_2_01699B00
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0169A3B0 NtGetContextThread,2_2_0169A3B0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699A50 NtCreateFile,2_2_01699A50
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699A20 NtResumeThread,2_2_01699A20
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699A00 NtProtectVirtualMemory,2_2_01699A00
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699A10 NtQuerySection,2_2_01699A10
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699A80 NtOpenDirectoryObject,2_2_01699A80
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699560 NtWriteFile,2_2_01699560
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699540 NtReadFile,2_2_01699540
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699520 NtWaitForSingleObject,2_2_01699520
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0169AD30 NtSetContextThread,2_2_0169AD30
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016995F0 NtQueryInformationFile,2_2_016995F0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016995D0 NtClose,2_2_016995D0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699760 NtOpenProcess,2_2_01699760
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0169A770 NtOpenThread,2_2_0169A770
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699770 NtSetInformationFile,2_2_01699770
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699730 NtQueryVirtualMemory,2_2_01699730
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699710 NtQueryInformationToken,2_2_01699710
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0169A710 NtOpenProcessToken,2_2_0169A710
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699FE0 NtCreateMutant,2_2_01699FE0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016997A0 NtUnmapViewOfSection,2_2_016997A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699780 NtMapViewOfSection,2_2_01699780
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699670 NtQueryInformationProcess,2_2_01699670
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699650 NtQueryValueKey,2_2_01699650
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699610 NtEnumerateValueKey,2_2_01699610
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016996D0 NtCreateKey,2_2_016996D0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01721FF12_2_01721FF1
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017167E22_2_017167E2
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0172DFCE2_2_0172DFCE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016596602_2_01659660
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016DAE602_2_016DAE60
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01676E302_2_01676E30
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0171D6162_2_0171D616
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016756002_2_01675600
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01722EF72_2_01722EF7
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016806C02_2_016806C0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01701EB62_2_01701EB6
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: String function: 016AD08C appears 48 times
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: String function: 016E5720 appears 85 times
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: String function: 0165B150 appears 177 times
          Source: http___192.3.141.164_mal_win32.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDSASignature.dll@ vs http___192.3.141.164_mal_win32.exe
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000000.643959783.00000000001BE000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameStoreApplicationReference.exe< vs http___192.3.141.164_mal_win32.exe
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651503963.00000000008FB000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs http___192.3.141.164_mal_win32.exe
          Source: http___192.3.141.164_mal_win32.exe, 00000002.00000002.651934783.0000000000C7E000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameStoreApplicationReference.exe< vs http___192.3.141.164_mal_win32.exe
          Source: http___192.3.141.164_mal_win32.exe, 00000002.00000002.652453473.00000000018DF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs http___192.3.141.164_mal_win32.exe
          Source: http___192.3.141.164_mal_win32.exeBinary or memory string: OriginalFilenameStoreApplicationReference.exe< vs http___192.3.141.164_mal_win32.exe
          Source: http___192.3.141.164_mal_win32.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: http___192.3.141.164_mal_win32.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: http___192.3.141.164_mal_win32.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.csCryptographic APIs: 'CreateDecryptor'
          Source: classification engineClassification label: mal100.troj.evad.winEXE@3/1@0/1
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\http___192.3.141.164_mal_win32.exe.log
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeMutant created: \Sessions\1\BaseNamedObjects\GKapfmVVaikxxFVRiaOpWaNVOHp
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: Select * from Clientes WHERE id=@id;;
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE id=@id;
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
          Source: http___192.3.141.164_mal_win32.exeVirustotal: Detection: 47%
          Source: http___192.3.141.164_mal_win32.exeReversingLabs: Detection: 28%
          Source: unknownProcess created: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe 'C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe'
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeProcess created: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: http___192.3.141.164_mal_win32.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: http___192.3.141.164_mal_win32.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: http___192.3.141.164_mal_win32.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: StoreApplicationReference.pdb source: http___192.3.141.164_mal_win32.exe
          Source: Binary string: wntdll.pdbUGP source: http___192.3.141.164_mal_win32.exe, 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: http___192.3.141.164_mal_win32.exe

          Data Obfuscation:

          .NET source code contains method to dynamically call methods (often used by packers)
          Source: http___192.3.141.164_mal_win32.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs.Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 0_2_00A9EBE8 pushad ; ret 0_2_00A9EBE9
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 0_2_045703E8 push edx; ret 0_2_045703E9
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 0_2_04A72404 push E802005Eh; ret 0_2_04A72409
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 0_2_04A72991 pushad ; ret 0_2_04A729A3
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00417849 push cs; retf 2_2_0041786A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0040795D push ebx; ret 2_2_00407984
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0041E24D push dword ptr [2E33947Ah]; ret 2_2_0041E24B
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00416500 push 00000038h; ret 2_2_00416503
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0041CEB5 push eax; ret 2_2_0041CF08
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0041CF6C push eax; ret 2_2_0041CF72
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0041CF02 push eax; ret 2_2_0041CF08
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0041CF0B push eax; ret 2_2_0041CF72
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0041DFD6 push dword ptr [2E33947Ah]; ret 2_2_0041E24B
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0041DFE0 push dword ptr [2E33947Ah]; ret 2_2_0041E24B
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016AD0D1 push ecx; ret 2_2_016AD0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.84856370561
          Source: http___192.3.141.164_mal_win32.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.csHigh entropy of concatenated method names: '.cctor', 'gZbDAg', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara matchFile source: 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: http___192.3.141.164_mal_win32.exe PID: 5924, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_00409A90 rdtsc 2_2_00409A90
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe TID: 6440 Thread sleep time: -102947s >= -30000s
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe TID: 5852 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe Thread delayed: delay time: 102947
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: VMWARE
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01699860 NtQuerySystemInformation,LdrInitializeThunk,2_2_01699860
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017131DC mov ecx, dword ptr fs:[00000030h]2_2_017131DC
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017131DC mov eax, dword ptr fs:[00000030h]2_2_017131DC
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017131DC mov eax, dword ptr fs:[00000030h]2_2_017131DC
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017131DC mov eax, dword ptr fs:[00000030h]2_2_017131DC
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017131DC mov eax, dword ptr fs:[00000030h]2_2_017131DC
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016661A7 mov eax, dword ptr fs:[00000030h]2_2_016661A7
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016661A7 mov eax, dword ptr fs:[00000030h]2_2_016661A7
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016661A7 mov eax, dword ptr fs:[00000030h]2_2_016661A7
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016661A7 mov eax, dword ptr fs:[00000030h]2_2_016661A7
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0172F1B5 mov eax, dword ptr fs:[00000030h]2_2_0172F1B5
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0172F1B5 mov eax, dword ptr fs:[00000030h]2_2_0172F1B5
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016861A0 mov eax, dword ptr fs:[00000030h]2_2_016861A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016861A0 mov eax, dword ptr fs:[00000030h]2_2_016861A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D69A6 mov eax, dword ptr fs:[00000030h]2_2_016D69A6
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D51BE mov eax, dword ptr fs:[00000030h]2_2_016D51BE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D51BE mov eax, dword ptr fs:[00000030h]2_2_016D51BE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D51BE mov eax, dword ptr fs:[00000030h]2_2_016D51BE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D51BE mov eax, dword ptr fs:[00000030h]2_2_016D51BE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016899BC mov eax, dword ptr fs:[00000030h]2_2_016899BC
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017149A4 mov eax, dword ptr fs:[00000030h]2_2_017149A4
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017149A4 mov eax, dword ptr fs:[00000030h]2_2_017149A4
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017149A4 mov eax, dword ptr fs:[00000030h]2_2_017149A4
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017149A4 mov eax, dword ptr fs:[00000030h]2_2_017149A4
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168C9BF mov eax, dword ptr fs:[00000030h]2_2_0168C9BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168C9BF mov eax, dword ptr fs:[00000030h]2_2_0168C9BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov ecx, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov ecx, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov eax, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov ecx, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov ecx, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov eax, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov ecx, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov ecx, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov eax, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov ecx, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov ecx, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016799BF mov eax, dword ptr fs:[00000030h]2_2_016799BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167C182 mov eax, dword ptr fs:[00000030h]2_2_0167C182
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168A185 mov eax, dword ptr fs:[00000030h]2_2_0168A185
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01658190 mov ecx, dword ptr fs:[00000030h]2_2_01658190
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01682990 mov eax, dword ptr fs:[00000030h]2_2_01682990
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01684190 mov eax, dword ptr fs:[00000030h]2_2_01684190
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0171A189 mov eax, dword ptr fs:[00000030h]2_2_0171A189
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0171A189 mov ecx, dword ptr fs:[00000030h]2_2_0171A189
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0165519E mov eax, dword ptr fs:[00000030h]2_2_0165519E
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0165519E mov ecx, dword ptr fs:[00000030h]2_2_0165519E
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01712073 mov eax, dword ptr fs:[00000030h]2_2_01712073
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01721074 mov eax, dword ptr fs:[00000030h]2_2_01721074
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167F86D mov eax, dword ptr fs:[00000030h]2_2_0167F86D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01711843 mov eax, dword ptr fs:[00000030h]2_2_01711843
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01657057 mov eax, dword ptr fs:[00000030h]2_2_01657057
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01655050 mov eax, dword ptr fs:[00000030h]2_2_01655050
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01655050 mov eax, dword ptr fs:[00000030h]2_2_01655050
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01655050 mov eax, dword ptr fs:[00000030h]2_2_01655050
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01670050 mov eax, dword ptr fs:[00000030h]2_2_01670050
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01670050 mov eax, dword ptr fs:[00000030h]2_2_01670050
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168002D mov eax, dword ptr fs:[00000030h]2_2_0168002D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168002D mov eax, dword ptr fs:[00000030h]2_2_0168002D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168002D mov eax, dword ptr fs:[00000030h]2_2_0168002D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168002D mov eax, dword ptr fs:[00000030h]2_2_0168002D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168002D mov eax, dword ptr fs:[00000030h]2_2_0168002D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01684020 mov edi, dword ptr fs:[00000030h]2_2_01684020
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0166B02A mov eax, dword ptr fs:[00000030h]2_2_0166B02A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0166B02A mov eax, dword ptr fs:[00000030h]2_2_0166B02A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0166B02A mov eax, dword ptr fs:[00000030h]2_2_0166B02A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0166B02A mov eax, dword ptr fs:[00000030h]2_2_0166B02A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A830 mov eax, dword ptr fs:[00000030h]2_2_0167A830
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A830 mov eax, dword ptr fs:[00000030h]2_2_0167A830
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A830 mov eax, dword ptr fs:[00000030h]2_2_0167A830
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A830 mov eax, dword ptr fs:[00000030h]2_2_0167A830
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01656800 mov eax, dword ptr fs:[00000030h]2_2_01656800
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01656800 mov eax, dword ptr fs:[00000030h]2_2_01656800
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01656800 mov eax, dword ptr fs:[00000030h]2_2_01656800
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01724015 mov eax, dword ptr fs:[00000030h]2_2_01724015
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01724015 mov eax, dword ptr fs:[00000030h]2_2_01724015
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168701D mov eax, dword ptr fs:[00000030h]2_2_0168701D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168701D mov eax, dword ptr fs:[00000030h]2_2_0168701D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168701D mov eax, dword ptr fs:[00000030h]2_2_0168701D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168701D mov eax, dword ptr fs:[00000030h]2_2_0168701D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168701D mov eax, dword ptr fs:[00000030h]2_2_0168701D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168701D mov eax, dword ptr fs:[00000030h]2_2_0168701D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D7016 mov eax, dword ptr fs:[00000030h]2_2_016D7016
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D7016 mov eax, dword ptr fs:[00000030h]2_2_016D7016
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D7016 mov eax, dword ptr fs:[00000030h]2_2_016D7016
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B8E4 mov eax, dword ptr fs:[00000030h]2_2_0167B8E4
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B8E4 mov eax, dword ptr fs:[00000030h]2_2_0167B8E4
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016540E1 mov eax, dword ptr fs:[00000030h]2_2_016540E1
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016540E1 mov eax, dword ptr fs:[00000030h]2_2_016540E1
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016540E1 mov eax, dword ptr fs:[00000030h]2_2_016540E1
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017160F5 mov eax, dword ptr fs:[00000030h]2_2_017160F5
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017160F5 mov eax, dword ptr fs:[00000030h]2_2_017160F5
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017160F5 mov eax, dword ptr fs:[00000030h]2_2_017160F5
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017160F5 mov eax, dword ptr fs:[00000030h]2_2_017160F5
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016588E0 mov eax, dword ptr fs:[00000030h]2_2_016588E0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016588E0 mov eax, dword ptr fs:[00000030h]2_2_016588E0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016588E0 mov eax, dword ptr fs:[00000030h]2_2_016588E0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016588E0 mov eax, dword ptr fs:[00000030h]2_2_016588E0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016588E0 mov eax, dword ptr fs:[00000030h]2_2_016588E0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016588E0 mov eax, dword ptr fs:[00000030h]2_2_016588E0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016588E0 mov eax, dword ptr fs:[00000030h]2_2_016588E0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016558EC mov eax, dword ptr fs:[00000030h]2_2_016558EC
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016628FD mov eax, dword ptr fs:[00000030h]2_2_016628FD
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016628FD mov eax, dword ptr fs:[00000030h]2_2_016628FD
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016628FD mov eax, dword ptr fs:[00000030h]2_2_016628FD
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016570C0 mov eax, dword ptr fs:[00000030h]2_2_016570C0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016570C0 mov eax, dword ptr fs:[00000030h]2_2_016570C0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016578D6 mov eax, dword ptr fs:[00000030h]2_2_016578D6
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016578D6 mov eax, dword ptr fs:[00000030h]2_2_016578D6
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016578D6 mov ecx, dword ptr fs:[00000030h]2_2_016578D6
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0171B0C7 mov eax, dword ptr fs:[00000030h]2_2_0171B0C7
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0171B0C7 mov eax, dword ptr fs:[00000030h]2_2_0171B0C7
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_017118CA mov eax, dword ptr fs:[00000030h]2_2_017118CA
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016EB8D0 mov eax, dword ptr fs:[00000030h]2_2_016EB8D0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016EB8D0 mov ecx, dword ptr fs:[00000030h]2_2_016EB8D0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016EB8D0 mov eax, dword ptr fs:[00000030h]2_2_016EB8D0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016EB8D0 mov eax, dword ptr fs:[00000030h]2_2_016EB8D0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016EB8D0 mov eax, dword ptr fs:[00000030h]2_2_016EB8D0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016EB8D0 mov eax, dword ptr fs:[00000030h]2_2_016EB8D0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016990AF mov eax, dword ptr fs:[00000030h]2_2_016990AF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016820A0 mov eax, dword ptr fs:[00000030h]2_2_016820A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016820A0 mov eax, dword ptr fs:[00000030h]2_2_016820A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016820A0 mov eax, dword ptr fs:[00000030h]2_2_016820A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016820A0 mov eax, dword ptr fs:[00000030h]2_2_016820A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016820A0 mov eax, dword ptr fs:[00000030h]2_2_016820A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016820A0 mov eax, dword ptr fs:[00000030h]2_2_016820A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016628AE mov eax, dword ptr fs:[00000030h]2_2_016628AE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016628AE mov eax, dword ptr fs:[00000030h]2_2_016628AE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016628AE mov eax, dword ptr fs:[00000030h]2_2_016628AE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016628AE mov ecx, dword ptr fs:[00000030h]2_2_016628AE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016628AE mov eax, dword ptr fs:[00000030h]2_2_016628AE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016628AE mov eax, dword ptr fs:[00000030h]2_2_016628AE
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016878A0 mov eax, dword ptr fs:[00000030h]2_2_016878A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016878A0 mov eax, dword ptr fs:[00000030h]2_2_016878A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016878A0 mov eax, dword ptr fs:[00000030h]2_2_016878A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016878A0 mov eax, dword ptr fs:[00000030h]2_2_016878A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016878A0 mov eax, dword ptr fs:[00000030h]2_2_016878A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016878A0 mov eax, dword ptr fs:[00000030h]2_2_016878A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016878A0 mov eax, dword ptr fs:[00000030h]2_2_016878A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016878A0 mov eax, dword ptr fs:[00000030h]2_2_016878A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016878A0 mov eax, dword ptr fs:[00000030h]2_2_016878A0
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168F0BF mov ecx, dword ptr fs:[00000030h]2_2_0168F0BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168F0BF mov eax, dword ptr fs:[00000030h]2_2_0168F0BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0168F0BF mov eax, dword ptr fs:[00000030h]2_2_0168F0BF
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01659080 mov eax, dword ptr fs:[00000030h]2_2_01659080
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01653880 mov eax, dword ptr fs:[00000030h]2_2_01653880
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01653880 mov eax, dword ptr fs:[00000030h]2_2_01653880
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D3884 mov eax, dword ptr fs:[00000030h]2_2_016D3884
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016D3884 mov eax, dword ptr fs:[00000030h]2_2_016D3884
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0165DB60 mov ecx, dword ptr fs:[00000030h]2_2_0165DB60
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016E6365 mov eax, dword ptr fs:[00000030h]2_2_016E6365
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016E6365 mov eax, dword ptr fs:[00000030h]2_2_016E6365
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016E6365 mov eax, dword ptr fs:[00000030h]2_2_016E6365
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01683B7A mov eax, dword ptr fs:[00000030h]2_2_01683B7A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01683B7A mov eax, dword ptr fs:[00000030h]2_2_01683B7A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01657B70 mov eax, dword ptr fs:[00000030h]2_2_01657B70
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0166F370 mov eax, dword ptr fs:[00000030h]2_2_0166F370
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0166F370 mov eax, dword ptr fs:[00000030h]2_2_0166F370
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0166F370 mov eax, dword ptr fs:[00000030h]2_2_0166F370
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0165DB40 mov eax, dword ptr fs:[00000030h]2_2_0165DB40
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01728B58 mov eax, dword ptr fs:[00000030h]2_2_01728B58
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01683B5A mov eax, dword ptr fs:[00000030h]2_2_01683B5A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01683B5A mov eax, dword ptr fs:[00000030h]2_2_01683B5A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01683B5A mov eax, dword ptr fs:[00000030h]2_2_01683B5A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01683B5A mov eax, dword ptr fs:[00000030h]2_2_01683B5A
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0165F358 mov eax, dword ptr fs:[00000030h]2_2_0165F358
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0171131B mov eax, dword ptr fs:[00000030h]2_2_0171131B
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167A309 mov eax, dword ptr fs:[00000030h]2_2_0167A309
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016803E2 mov eax, dword ptr fs:[00000030h]2_2_016803E2
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_016803E2 mov eax, dword ptr fs:[00000030h]2_2_016803E2
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01712D82 mov eax, dword ptr fs:[00000030h]2_2_01712D82
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01712D82 mov eax, dword ptr fs:[00000030h]2_2_01712D82
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01712D82 mov eax, dword ptr fs:[00000030h]2_2_01712D82
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01712D82 mov eax, dword ptr fs:[00000030h]2_2_01712D82
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01712D82 mov eax, dword ptr fs:[00000030h]2_2_01712D82
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01712D82 mov eax, dword ptr fs:[00000030h]2_2_01712D82
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01712D82 mov eax, dword ptr fs:[00000030h]2_2_01712D82
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01653591 mov eax, dword ptr fs:[00000030h]2_2_01653591
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01658466 mov eax, dword ptr fs:[00000030h]2_2_01658466
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01658466 mov eax, dword ptr fs:[00000030h]2_2_01658466
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_01728C75 mov eax, dword ptr fs:[00000030h]2_2_01728C75
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167746D mov eax, dword ptr fs:[00000030h]2_2_0167746D
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exeCode function: 2_2_0167B477 mov eax, dword ptr fs:[00000030h]2_2_0167B477
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Process token adjusted: Debug
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Memory allocated: page read and write | page guard
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Process created: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Queries volume information: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe VolumeInformation
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
          Source: C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match, File source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match, File source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.http___192.3.141.164_mal_win32.exe.400000.1.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 11 | Masquerading 1 | Input Capture 1 | Security Software Discovery 221 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Archive Collected Data 11 | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 11 | NTDS | System Information Discovery 112 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 11 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 4 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 13 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          http___192.3.141.164_mal_win32.exe | 48% | Virustotal |
          http___192.3.141.164_mal_win32.exe | 28% | ReversingLabs | ByteCode-MSIL.Trojan.Heracles
          http___192.3.141.164_mal_win32.exe | 100% | Joe Sandbox ML |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          2.0.http___192.3.141.164_mal_win32.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          2.2.http___192.3.141.164_mal_win32.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          www.dragonpalcenk.com/k8n/ | 7% | Virustotal |
          www.dragonpalcenk.com/k8n/ | 100% | Avira URL Cloud | malware

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          www.dragonpalcenk.com/k8n/ | true | 7%, Virustotal; Avira URL Cloud: malware | low

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | http___192.3.141.164_mal_win32.exe, 00000000.00000002.651915151.0000000002531000.00000004.00000001.sdmp | false | | high
          https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | http___192.3.141.164_mal_win32.exe, 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmp | false | | high

              Contacted IPs


              Public

              IP | Domain | Country | ASN | ASN Name | Malicious
              192.3.141.164 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true

              General Information

              Joe Sandbox Version:32.0.0 Black Diamond
              Analysis ID:433488
              Start date:12.06.2021
              Start time:02:05:22
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 5m 18s
              Hypervisor based Inspection enabled:false
              Report type:full
              Sample file name:http___192.3.141.164_mal_win32.exe
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Number of analysed new started processes analysed:3
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@3/1@0/1
              EGA Information:Failed
              HDC Information:
              • Successful, ratio: 3.3% (good quality ratio 3%)
              • Quality average: 71.3%
              • Quality standard deviation: 31%
              HCA Information:
              • Successful, ratio: 98%
              • Number of executed functions: 97
              • Number of non-executed functions: 237
              Cookbook Comments:
              • Adjust boot time
              • Enable AMSI
              • Found application associated with file extension: .exe
              • Stop behavior analysis, all processes terminated
              Warnings:
              • Exclude process from analysis (whitelisted): svchost.exe

              Simulations

              Behavior and APIs

              Time | Type | Description
              02:06:10 | API Interceptor | 2x Sleep call for process: http___192.3.141.164_mal_win32.exe modified

              Joe Sandbox View / Context

              IPs

              Match | Associated Sample Name / URL | Detection | Context
              192.3.141.164 | Swift_Payment.MT103.docx | malicious | 192.3.141.164/oti/vbc.exe

              Domains

              No context

              ASN


              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\http___192.3.141.164_mal_win32.exe.log
              Process:C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1314
              Entropy (8bit):5.350128552078965
              Encrypted:false
              SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
              MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
              SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
              SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
              SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
              Malicious:true
              Reputation:high, very likely benign file
              Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.4991855714039755
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Win16/32 Executable Delphi generic (2074/23) 0.01%
              File name:http___192.3.141.164_mal_win32.exe
              File size:949760
              MD5:b9032e2b7b07123f625f5d9e6e4f4796
              SHA1:a06bcdf6aab7fb82dad340465035549cd853e047
              SHA256:120ff2a109c01e38da86b9ce61c33906f6ddcea90a2fdf7ea3a67b08a271029c
              SHA512:a53309359e78dae4acef870b5c93040e1a851a97a7e6b9a9776ebfd80ca6f097e88cb20b2ac9a3bac7211562efbe552475556209c9372d03a0e1a8555fe211b6
              SSDEEP:24576:D6kdQhmaxPzRWfydThe6ns3vYETNeBUdt:fMxPzR4YTC5TwBU
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`................................. ........@.. ....................................@................................

              File Icon

              Icon Hash:8c8caa8e9692aa00

              Static PE Info

              General

              Entrypoint:0x4bf02e
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Time Stamp:0x60C2A9DE [Fri Jun 11 00:10:06 2021 UTC]
              TLS Callbacks:
              CLR (.Net) Version:v4.0.30319
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

              Entrypoint Preview

              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al

              Data Directories

              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbefe0 | 0x4b | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc2000 | 0x2a3b8 | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xee000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0xbef87 | 0x1c | .text
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text

              Sections

              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0xbd034 | 0xbd200 | False | 0.894979190763 | data | 7.84856370561 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              .sdata | 0xc0000 | 0x1e8 | 0x200 | False | 0.86328125 | data | 6.60677487515 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
              .rsrc | 0xc2000 | 0x2a3b8 | 0x2a400 | False | 0.124410595414 | data | 4.17274886097 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0xee000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Resources

              Name | RVA | Size | Type | Language | Country
              RT_ICON | 0xc22b0 | 0x2326 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | |
              RT_ICON | 0xc45d8 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | |
              RT_ICON | 0xd4e00 | 0x94a8 | data | |
              RT_ICON | 0xde2a8 | 0x5488 | data | |
              RT_ICON | 0xe3730 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294967295 | |
              RT_ICON | 0xe7958 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | |
              RT_ICON | 0xe9f00 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | |
              RT_ICON | 0xeafa8 | 0x988 | data | |
              RT_ICON | 0xeb930 | 0x468 | GLS_BINARY_LSB_FIRST | |
              RT_GROUP_ICON | 0xebd98 | 0x84 | data | |
              RT_VERSION | 0xebe1c | 0x3b0 | data | |
              RT_MANIFEST | 0xec1cc | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

              Imports

              DLL | Import
              mscoree.dll | _CorExeMain

              Version Infos

              Description | Data
              Translation | 0x0000 0x04b0
              LegalCopyright | Paul Harris 2016
              Assembly Version | 251.2.0.0
              InternalName | StoreApplicationReference.exe
              FileVersion | 251.2.0.0
              CompanyName | Paul Harris
              LegalTrademarks |
              Comments | 1992 Alpine A 610
              ProductName | ReloadManager
              ProductVersion | 251.2.0.0
              FileDescription | ReloadManager
              OriginalFilename | StoreApplicationReference.exe

              Network Behavior

              No network behavior found


              System Behavior

              General

              Start time:02:06:08
              Start date:12/06/2021
              Path:C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe'
              Imagebase:0xe0000
              File size:949760 bytes
              MD5 hash:B9032E2B7B07123F625F5D9E6E4F4796
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Yara matches:
              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, Author: Joe Security
              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.652273897.0000000003539000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, Author: Joe Security
              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.652401187.0000000003671000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.651977772.000000000256F000.00000004.00000001.sdmp, Author: Joe Security
              Reputation:low

              General

              Start time:02:06:11
              Start date:12/06/2021
              Path:C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\Desktop\http___192.3.141.164_mal_win32.exe
              Imagebase:0xba0000
              File size:949760 bytes
              MD5 hash:B9032E2B7B07123F625F5D9E6E4F4796
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.650151759.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
              Reputation:low

              Disassembly

              Code Analysis

                Executed Functions

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.652706867.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                Similarity
                • API ID:
                • String ID: $%&l$tow$tow
                • API String ID: 0-3906631308
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.652706867.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                Similarity
                • API ID:
                • String ID: V{$jFl$jFl
                • API String ID: 0-2117457548
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • GetCurrentProcess.KERNEL32 ref: 00A97100
                • GetCurrentThread.KERNEL32 ref: 00A9713D
                • GetCurrentProcess.KERNEL32 ref: 00A9717A
                • GetCurrentThreadId.KERNEL32 ref: 00A971D3
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • GetCurrentProcess.KERNEL32 ref: 00A97100
                • GetCurrentThread.KERNEL32 ref: 00A9713D
                • GetCurrentProcess.KERNEL32 ref: 00A9717A
                • GetCurrentThreadId.KERNEL32 ref: 00A971D3
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00A9C306
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: HandleModule
                • String ID: tow$tow
                • API String ID: 4139908857-1740095748
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID: $%&l$$%&l
                • API String ID: 0-4187288389
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00A9E28A
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00A9E28A
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • CallWindowProcW.USER32(?,?,?,?,?), ref: 04A70D91
                Memory Dump Source
                • Source File: 00000000.00000002.653621399.0000000004A70000.00000040.00000001.sdmp, Offset: 04A70000, based on PE: false
                Similarity
                • API ID: CallProcWindow
                • String ID:
                • API String ID: 2714655100-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A9734F
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A9734F
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A9C381,00000800,00000000,00000000), ref: 00A9C592
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: LibraryLoad
                • String ID:
                • API String ID: 1029625771-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A9C381,00000800,00000000,00000000), ref: 00A9C592
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: LibraryLoad
                • String ID:
                • API String ID: 1029625771-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00A9C306
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0457237D
                Memory Dump Source
                • Source File: 00000000.00000002.652706867.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • SetWindowLongW.USER32(?,?,?), ref: 00A9E41D
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: LongWindow
                • String ID:
                • API String ID: 1378638983-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0457237D
                Memory Dump Source
                • Source File: 00000000.00000002.652706867.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • SetWindowLongW.USER32(?,?,?), ref: 00A9E41D
                Memory Dump Source
                • Source File: 00000000.00000002.651725396.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: false
                Similarity
                • API ID: LongWindow
                • String ID:
                • API String ID: 1378638983-0
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID: D0*l
                • API String ID: 0-976622781
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID: $,*l
                • API String ID: 0-338475434
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID: $,*l
                • API String ID: 0-338475434
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID: $%&l
                • API String ID: 0-3075001641
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID: $%&l
                • API String ID: 0-3075001641
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d72bbfcbab1ae1f342683c41b373f40d85861ed1835fcc3ca084aff82fcf91e2
                • Instruction ID: 0f85443e37ff694db6b288457a59dcf26e065552cc539a9d4ad897f06c770115
                • Opcode Fuzzy Hash: d72bbfcbab1ae1f342683c41b373f40d85861ed1835fcc3ca084aff82fcf91e2
                • Instruction Fuzzy Hash: 3A51CE71B002158FDB15EB7989444AFBBB6FFC4224715856AE91ADB3A0EB34AC0587A0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d846c0e13c0ac4a0c6a7512f1a62e4c2220ef0f1b3577365128a3add7937c690
                • Instruction ID: aaecdbcdd630f0232900852ac931d30f3b640eb69f2eee0f66a7ad156cae463a
                • Opcode Fuzzy Hash: d846c0e13c0ac4a0c6a7512f1a62e4c2220ef0f1b3577365128a3add7937c690
                • Instruction Fuzzy Hash: 82512C74E09249CFDB04CFA8DA44BEEBBB5FB89304F14802AD919BB351E774A9458B50
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c6f42cca03adff5c78c46b6105adb0478b884c1537c5f50b685e9b80f25f173
                • Instruction ID: c53faba6f1a91c22d0ca4db6c7d1788a1f5d24e0a78cc2b42746f5dbaa0262d2
                • Opcode Fuzzy Hash: 3c6f42cca03adff5c78c46b6105adb0478b884c1537c5f50b685e9b80f25f173
                • Instruction Fuzzy Hash: 2451E474E05309CBDB14DFA9D9446EEBBF2FF89324F108029D815AB254EB746945CF90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4039546788fc0f3bf041c3e348a3cb8628b0b82f2728df1d5a42e273f459a4c4
                • Instruction ID: a4de686e2593c0cebfb162365d3f12ddfb118fca8512ff5403c6af7488417dac
                • Opcode Fuzzy Hash: 4039546788fc0f3bf041c3e348a3cb8628b0b82f2728df1d5a42e273f459a4c4
                • Instruction Fuzzy Hash: FD41E4B1D04259DBDB20CF99C984ACEFBB5FF58308F258029D409BB214D7716A8ACF91
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b54dfdc59e8c35d7b53a91b2358d44090fa55d244373b9fcc64d1282ed5309c8
                • Instruction ID: ae93f41950bfc472b1cbcb7e45234f4fea9670997791640c4f0b52994ec66e25
                • Opcode Fuzzy Hash: b54dfdc59e8c35d7b53a91b2358d44090fa55d244373b9fcc64d1282ed5309c8
                • Instruction Fuzzy Hash: C841D4B1D04259DFDB20CFA9C984ACEFBB5BF59304F258029D508BB210D7756A86CF91
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.651400571.000000000076D000.00000040.00000001.sdmp, Offset: 0076D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ee97a8b4375dd5c2f7447b0ca0881e7111bf4dc1246aaec3a932f294e4d4a643
                • Instruction ID: 5f6b5e240ea1a48e0cac9b1ea1dd742fa8fa3c652a7eb3538b89f7b66a9b48bc
                • Opcode Fuzzy Hash: ee97a8b4375dd5c2f7447b0ca0881e7111bf4dc1246aaec3a932f294e4d4a643
                • Instruction Fuzzy Hash: CD2106B1A04284EFDB25DF10D9C0F26BF65FB98324F24C569DD0A4B246C73AEC46C6A1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 075429f360ab92eb8ca34f462dfa7c1e454563851aaf6997fd2614c63be07f5a
                • Instruction ID: d4a1385bef8d0ee627fd23ab13a502430ff72e76aa5d9aa558bf25b6d31ee410
                • Opcode Fuzzy Hash: 075429f360ab92eb8ca34f462dfa7c1e454563851aaf6997fd2614c63be07f5a
                • Instruction Fuzzy Hash: 1D213A727042549FDB11CB78ED804BA7FF9FB89255318846BE909C7261EB359C06C790
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.651410959.000000000077D000.00000040.00000001.sdmp, Offset: 0077D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2af5c01316f17d4b43150e945a16271fccc6f4b1898363f1d0f3aa79cfb2380f
                • Instruction ID: 5cd11df568ec36ad11d6fac32d64e4a98ea51bcdc54aed3f8dde36213dda1f4b
                • Opcode Fuzzy Hash: 2af5c01316f17d4b43150e945a16271fccc6f4b1898363f1d0f3aa79cfb2380f
                • Instruction Fuzzy Hash: FA21C1B1604204AFDF25DF10D5C0B26BBB5FF88368F24C5A9D9494B246C33ADC46CA61
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.651410959.000000000077D000.00000040.00000001.sdmp, Offset: 0077D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b6d401a57de36e7fad308a3d6c4f1458c3a687b5c8c981b42e4eabad730fcec6
                • Instruction ID: ef382f1526bf8b6c430b62981df533bd3125ad6066463cc6cc18cb67915dd022
                • Opcode Fuzzy Hash: b6d401a57de36e7fad308a3d6c4f1458c3a687b5c8c981b42e4eabad730fcec6
                • Instruction Fuzzy Hash: 8A21C1B5504244DFDF24DF10D9C4B26BBB5EB88354F24C569D90D4B246C37ADC46CA61
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d010617a74099f397aadb0b2e8117daf9ad345c64d51af5d25b87d55416ab6f1
                • Instruction ID: 36f5e144d70ce0e70f565549d6425a94335553813b2caffe219788a61dea0712
                • Opcode Fuzzy Hash: d010617a74099f397aadb0b2e8117daf9ad345c64d51af5d25b87d55416ab6f1
                • Instruction Fuzzy Hash: E931B4B0D01258DFEB20DF99C688BDEBBF4AB48714F148159E804BB250D7B96945CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9a022aaefd5c4a4ff213a607cef4a189431cc2d1231e31c5a649dd94b5e2a4f1
                • Instruction ID: 9d9d41338ee01faeda658369ffda461f7edb34ac7f97cff4058e6aa739c9c518
                • Opcode Fuzzy Hash: 9a022aaefd5c4a4ff213a607cef4a189431cc2d1231e31c5a649dd94b5e2a4f1
                • Instruction Fuzzy Hash: C9115E32B002198BCF14EBB899106FEB7F2EF84355B104179C914EB394EB31AD56CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.651400571.000000000076D000.00000040.00000001.sdmp, Offset: 0076D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2330691ba4d7911e2eb2ecb7cf07cc4824dc234649578f840251faf07cc16324
                • Instruction ID: 00b943afd474729189d03f6dda2dbe11f4b037a4ded529b478cd74f7adc01f7c
                • Opcode Fuzzy Hash: 2330691ba4d7911e2eb2ecb7cf07cc4824dc234649578f840251faf07cc16324
                • Instruction Fuzzy Hash: 54116D76904284DFCB15CF10D5C4B16BF62FB94324F28C6A9DC494A656C33AEC56CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.651410959.000000000077D000.00000040.00000001.sdmp, Offset: 0077D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bbf2c8cf6e9aa963d3f8e87034f12a02946631990a170d17c82b680eb3c0f293
                • Instruction ID: 7223bc2a62afc4f3b2ac8e2c2788e8b3764ef76364f6ae44027bce8f86c98a77
                • Opcode Fuzzy Hash: bbf2c8cf6e9aa963d3f8e87034f12a02946631990a170d17c82b680eb3c0f293
                • Instruction Fuzzy Hash: 3111BB75504280CFCB21CF10D5C4B15BBB1FB88324F28C6AAD8094B656C33AD85BCBA2
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.651410959.000000000077D000.00000040.00000001.sdmp, Offset: 0077D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bbf2c8cf6e9aa963d3f8e87034f12a02946631990a170d17c82b680eb3c0f293
                • Instruction ID: 567ca98603b04784ce8625d1891d790b27821470762c4f3fed81060bf76b5b21
                • Opcode Fuzzy Hash: bbf2c8cf6e9aa963d3f8e87034f12a02946631990a170d17c82b680eb3c0f293
                • Instruction Fuzzy Hash: 70117975904280DFCB21CF10D5C4B15BBB1FB84324F28C6A9D8494B656C33AD84ACB61
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bcb712afd33db7b13ae5da88021a9e2ebea8af4c8177784f1fcd036bc53a019b
                • Instruction ID: 5d29899b4de75208fc3bec7fc16bc3714d933d714dc1fd3c8410ed5706874cee
                • Opcode Fuzzy Hash: bcb712afd33db7b13ae5da88021a9e2ebea8af4c8177784f1fcd036bc53a019b
                • Instruction Fuzzy Hash: 9D1103B19042489FDB20DF9AC588BDEFBF4EB48324F14846AE915B7310D374A944CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e058576d1ee7fa5acf385cb9c4ea5cc1e5c9c46df247ecdefa987e752ab608b6
                • Instruction ID: 5f4ef6127c3832302ee75f2c3390d2e0582858de8aedef9b1700f31ea1498101
                • Opcode Fuzzy Hash: e058576d1ee7fa5acf385cb9c4ea5cc1e5c9c46df247ecdefa987e752ab608b6
                • Instruction Fuzzy Hash: DC019E74D05208EFCB14EFA4E544AACBBB0FB09324F108196DD18AB360E731AE44DF11
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.651400571.000000000076D000.00000040.00000001.sdmp, Offset: 0076D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bdc4bbb3bdb46567cda14b85fc1be5e957e2230fc5fcfacbd06d32b83e7d89a0
                • Instruction ID: c1249df42a60f8ffe496ff45cdddd658b7f54e6e5470931f65e5601275beea95
                • Opcode Fuzzy Hash: bdc4bbb3bdb46567cda14b85fc1be5e957e2230fc5fcfacbd06d32b83e7d89a0
                • Instruction Fuzzy Hash: 8801F7719093449EE7208B26CCC4766FB98EF40734F18C06AED065E242C37C9C40CAB2
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 743a9a2bdda5e04576df4dd6c7f694e18349dd8ab1b5ef1a13f1aad460e0b1da
                • Instruction ID: bc2d774d7abb86bafd661836ccdc23e7f8569e1b5e9f21d5286ace8c108072af
                • Opcode Fuzzy Hash: 743a9a2bdda5e04576df4dd6c7f694e18349dd8ab1b5ef1a13f1aad460e0b1da
                • Instruction Fuzzy Hash: 8DF0F6B1C0E288AFD7258BA4DA405A87FB4FB16305F0040EADC4557666D3346916F751
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.651400571.000000000076D000.00000040.00000001.sdmp, Offset: 0076D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 707d3a8d9783186a77a29d225fe1a5da9d35939624995fd508a7f00bd13c5580
                • Instruction ID: 2a153ab881603fa4280bc91ed9102caec4fe1d1c60ac53a0895126074dae831a
                • Opcode Fuzzy Hash: 707d3a8d9783186a77a29d225fe1a5da9d35939624995fd508a7f00bd13c5580
                • Instruction Fuzzy Hash: 97F062715042889EE7208B16DDC4B62FB98EB55734F18C45AED095F686D3789C44CAB1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 70c27f77926755cf47c986984ca90b95988ef450b32dde07f9f19384fc72c428
                • Instruction ID: 8d397d37cbb25df1f08890bdf98665a51eb374f2f07d14decdd12b4eb0043b56
                • Opcode Fuzzy Hash: 70c27f77926755cf47c986984ca90b95988ef450b32dde07f9f19384fc72c428
                • Instruction Fuzzy Hash: 8BF0BBB37042159FE704CFA9DE449AB7FFDFBA9250705803BE909C7251EA305901C760
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2cef5dbe68c048082ede8e7d6ed6fdbf8df1f38491e302242bf114146052709f
                • Instruction ID: 7a6b639c30136bd4c1e6ba2abdfcde2cddce9f45311f54b6476d93f7df959ad5
                • Opcode Fuzzy Hash: 2cef5dbe68c048082ede8e7d6ed6fdbf8df1f38491e302242bf114146052709f
                • Instruction Fuzzy Hash: D201E870810219EFEB14CF6AC5047AEBAF1BF48354F11C625E828AA2B0D7745A41CF90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9a22e2d256680c538ad8d115e274e92726f4d5bd979a6b9a03b963be4ee09a22
                • Instruction ID: f9e4edf3f3fa0d078cafe650d1d6afcd7a38c370d3c2dc2f7de859f487c38183
                • Opcode Fuzzy Hash: 9a22e2d256680c538ad8d115e274e92726f4d5bd979a6b9a03b963be4ee09a22
                • Instruction Fuzzy Hash: 7EE039727041246F5304DB6AE884C6BBBEEEBCD674351813AF909CB310DA309C0186A0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5c0cf93125251fa535e79d7d31c5a68007a14984a9b689b2de7906f29b733317
                • Instruction ID: 2ca0659b490a49c9f54d861756a37c0f9b2c39df9b60f05b13a1bfd9912ac866
                • Opcode Fuzzy Hash: 5c0cf93125251fa535e79d7d31c5a68007a14984a9b689b2de7906f29b733317
                • Instruction Fuzzy Hash: A3F0F470E08209DFDB44DFA9C9446AEBBF4FF48304F5085A9D918E7321E730AA40CB40
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2c90b0523998d1ba7a0dfbf4772acae1fe257b1b68f61c04d9407df6a6240afd
                • Instruction ID: aab942af7df9c7b84fb8f568e28a43d2c30df1c9be2c610656f1d6db84b5b6e8
                • Opcode Fuzzy Hash: 2c90b0523998d1ba7a0dfbf4772acae1fe257b1b68f61c04d9407df6a6240afd
                • Instruction Fuzzy Hash: BEF09774E04219DFDB44DFAADA447ADBBF4FB48305F1285A9D818D7321E770AA808B51
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c5b751a75574ca0f9745322d28bda86babc52b06b633f874e655920ddd2633f9
                • Instruction ID: c84b44514c78f9f87dba984d26f11bbd0a3f02127ebe0c4f2c5478d6688000bb
                • Opcode Fuzzy Hash: c5b751a75574ca0f9745322d28bda86babc52b06b633f874e655920ddd2633f9
                • Instruction Fuzzy Hash: A1F01774A49349DFC740DFB8D9546AEBBF0FB49300F4045AAD958D7321E7749A42CB41
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba503dc4e8325b4b06010628d5879aacd994118b7a8d43e3027bc0fc27255457
                • Instruction ID: a98c5d510411bc51fe96f9c691d2a2209e7a9d1431970aca55b191d75389a14d
                • Opcode Fuzzy Hash: ba503dc4e8325b4b06010628d5879aacd994118b7a8d43e3027bc0fc27255457
                • Instruction Fuzzy Hash: 83F01DB4E14255CFDB54DFB8D9446AE7BF0FB49314F1145AAD848D7321D730AA80CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ec836e697e7e3b700421eb5fa22ee906d1bb28af6fc8dd5d2344a8298ecdca36
                • Instruction ID: 0ff1b70edfb17d5402758b6b4de655a6775fdf285f1e4213a3ed3974dd82694b
                • Opcode Fuzzy Hash: ec836e697e7e3b700421eb5fa22ee906d1bb28af6fc8dd5d2344a8298ecdca36
                • Instruction Fuzzy Hash: 08F0E2B1A492948FD701CF78CD80B793BB0EF2B204B4601C9C854CB372E270EA01C740
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 322fa62cbbb1941a90719d95bdcf991fe99a09b56b86d36dca68c0afc588e338
                • Instruction ID: 97359f29bbb2d622810a7a3ace98f51c97e24169586b774854fcee8508fe421d
                • Opcode Fuzzy Hash: 322fa62cbbb1941a90719d95bdcf991fe99a09b56b86d36dca68c0afc588e338
                • Instruction Fuzzy Hash: 1FE09270809208EFCB24DFA4DA456ADBFF4EB05305F104169DD4923A15C3312966EB95
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ffc6453cea7874eda34962099a989209674f7439cf5a60c947f0f3b2421b81b0
                • Instruction ID: 8955f9f0100929747389fb4040710aee61900033eeeeda3f4e454c13a74878db
                • Opcode Fuzzy Hash: ffc6453cea7874eda34962099a989209674f7439cf5a60c947f0f3b2421b81b0
                • Instruction Fuzzy Hash: 01E0CDE145E24CAFF7248B74DA01AA93B78EB0234CF0151A9D80957652D6326D17D365
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 31c2af6e82b637a53ebfe6f5dc24b929962a078834615cf61482984df6653281
                • Instruction ID: 57e6dec1ed8490726ac59c3b0b327de7f1d8c067352d154e35627ae51bc948e2
                • Opcode Fuzzy Hash: 31c2af6e82b637a53ebfe6f5dc24b929962a078834615cf61482984df6653281
                • Instruction Fuzzy Hash: BEE0D8BA808164AFE711EB54D780AC07BB4E701254F064066DC4547222D2B4FC8E87E1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4fc195e1b8736f1c8e1777ed973aa2a5ec9ce4cf3be90a6190c13c6ce5bfb8f5
                • Instruction ID: fcf5101bba908344c940fa8a0fc2833be7b477f2af903e23db4108b6cee128b6
                • Opcode Fuzzy Hash: 4fc195e1b8736f1c8e1777ed973aa2a5ec9ce4cf3be90a6190c13c6ce5bfb8f5
                • Instruction Fuzzy Hash: DCE0DF30809348EFC744EFB8E64869C7FB8EB0A318F0000A6C848E7250F7302E14CB11
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dc9985d40b877f36ebb8625b3312e6003dc88cc08106e5a6912f15b1d7eea71b
                • Instruction ID: 24b148dfd9e0ff5994431d4d316b28f1675cd73b8e8dd91bead40b049df76e9b
                • Opcode Fuzzy Hash: dc9985d40b877f36ebb8625b3312e6003dc88cc08106e5a6912f15b1d7eea71b
                • Instruction Fuzzy Hash: ECE092709092489FC704EFA8D54966D7FB4EB09205F0001AAC84897252E6355E40C711
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50cff3a67984bb8b1916ad91232a4b606d19dac36f646f722d5afab5b17762ba
                • Instruction ID: 05c8902118d04792e12a8bcee1bbc0fb3e1eb45506eb7d341b2d4f4dcf7051f3
                • Opcode Fuzzy Hash: 50cff3a67984bb8b1916ad91232a4b606d19dac36f646f722d5afab5b17762ba
                • Instruction Fuzzy Hash: FDE06D70A05108DFC710EFF4E642AAD77F2EF48214B1040A9E844D7364DB351E06EF56
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2df54c20c94ab7d99705fd43ca38b6dfbc97f899abce08f2cdcd18edfc1d80de
                • Instruction ID: 7162ddb7221d63872a10dbfcfb5b3ed36968213efb066ac57bfeedb83db9c81d
                • Opcode Fuzzy Hash: 2df54c20c94ab7d99705fd43ca38b6dfbc97f899abce08f2cdcd18edfc1d80de
                • Instruction Fuzzy Hash: 22E08C352692508FD7159768D5148823BBABF8A32470688F7E485CFA73DA609C0983A2
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e07ec3dc091ad6b2d6d11b793daa41cb35cf903cb76c0881780b279c402f8c93
                • Instruction ID: 464f55e7e679003db3358b24115fb329b53de677eee029f922a16d02aa354c3f
                • Opcode Fuzzy Hash: e07ec3dc091ad6b2d6d11b793daa41cb35cf903cb76c0881780b279c402f8c93
                • Instruction Fuzzy Hash: 56E0823090930CEFCB04EFA8E6096ACBBB8EB09305F1000AAC808A3210FB302E40CA50
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 440ee9e2a6be57b7ebf568e4686aedaf63a49f258d25dde175ff58b167d5a03e
                • Instruction ID: 9ac691daf9f18dd9c40d5e8d1709f87135645e007a77010a436bc7b12fb53e1a
                • Opcode Fuzzy Hash: 440ee9e2a6be57b7ebf568e4686aedaf63a49f258d25dde175ff58b167d5a03e
                • Instruction Fuzzy Hash: 06E0EC7091620CDFCB54EFA8D6456ACBBF4FB09205F5001A9C90893351E7356E50DA51
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000000.00000002.653453608.0000000004A50000.00000040.00000001.sdmp, Offset: 04A50000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 409015cd3b28bcdbf741f22ea6742e28cfba7a26f0ec05001e2fd4835bf69fca
                • Instruction ID: 4ca705f13ffbff827c95189bae5a5ad1fa8da74bd7b168011ccf5565ffc072f4
                • Opcode Fuzzy Hash: 409015cd3b28bcdbf741f22ea6742e28cfba7a26f0ec05001e2fd4835bf69fca
                • Instruction Fuzzy Hash: F4E0EC71D1520CDFC754EFB8D5456ADBFB4EB48245F1001A9C90893351EB306A54DA91
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Executed Functions

                C-Code - Quality: 23%
                			E00419E0A(void* __ebx, void* __edx, void* __edi, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                				void* _t18;
                				void* _t31;
                				void* _t32;
                				intOrPtr* _t33;
                				void* _t35;
                
                				_t31 = __edi + 1;
                				asm("rol byte [ebp+ebx+0x55], 0x8b");
                				_t13 = _a4;
                				_t33 = _a4 + 0xc48;
                				E0041A960(_t31, _t13, _t33,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                				_t6 =  &_a32; // 0x414d42
                				_t12 =  &_a8; // 0x414d42
                				_t18 =  *((intOrPtr*)( *_t33))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t32, _t35); // executed
                				return _t18;
                			}









                APIs
                • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: FileRead
                • String ID: BMA$BMA
                • API String ID: 2738559852-2163208940
                • Opcode ID: 9fbe5f4f277a510f9ca491bd3c0ea2402cca8bef61cfef5d06063ecf26b7d264
                • Instruction ID: 2878db82d1fc1c632f246def7d2360b78a848b066fc70864c7713eb6bd75faeb
                • Opcode Fuzzy Hash: 9fbe5f4f277a510f9ca491bd3c0ea2402cca8bef61cfef5d06063ecf26b7d264
                • Instruction Fuzzy Hash: 3CF0ECB1200148ABDB14DF99DC84DEB77A9EF8D314F158648BA5DD7251C630E851CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 37%
                			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                				void* _t18;
                				void* _t27;
                				intOrPtr* _t28;
                
                				_t13 = _a4;
                				_t28 = _a4 + 0xc48;
                				E0041A960(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                				_t6 =  &_a32; // 0x414d42
                				_t12 =  &_a8; // 0x414d42
                				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                				return _t18;
                			}







                APIs
                • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: FileRead
                • String ID: BMA$BMA
                • API String ID: 2738559852-2163208940
                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00419D5B(void* __ebx, void* __ecx, void* __edx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                				long _t22;
                				void* _t37;
                
                				_t16 = _a4;
                				_t4 = _t16 + 0xc40; // 0xc40
                				E0041A960(_t37, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                				_t22 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                				return _t22;
                			}






                APIs
                • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: CreateFile
                • String ID:
                • API String ID: 823142352-0
                • Opcode ID: f728223d136df892ce778ec1792765c760e41f652195237d16b460ffb271d9f9
                • Instruction ID: 0bc392dcf94a52e26c31b9752906c387802eaf3930cbb69877ea672ef8bf9adb
                • Opcode Fuzzy Hash: f728223d136df892ce778ec1792765c760e41f652195237d16b460ffb271d9f9
                • Instruction Fuzzy Hash: 3201F2B2201108AFCB08CF98CC84EEB77A9EF8C314F158248FA4CD7241CA30E851CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00419D60(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                				long _t21;
                				void* _t31;
                
                				_t3 = _a4 + 0xc40; // 0xc40
                				E0041A960(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                				return _t21;
                			}






                APIs
                • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: CreateFile
                • String ID:
                • API String ID: 823142352-0
                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 64%
                			E00419F3A(void* __eax, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                				long _t17;
                				void* _t24;
                
                				asm("movsd");
                				asm("adc dl, [ebx-0x1374aa1d]");
                				_t13 = _a4;
                				_t5 = _t13 + 0xc60; // 0xca0
                				E0041A960(_t24, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                				_t17 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                				return _t17;
                			}






                APIs
                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: AllocateMemoryVirtual
                • String ID:
                • API String ID: 2167126740-0
                • Opcode ID: a9e7e115d790d7ab1b6c8258f76f6b066b187385e6f758a6e71cb408eca818a8
                • Instruction ID: dfc5076a1779526412c321dd16ee9320cde59abd42be44b545dafc75c5b0cfe0
                • Opcode Fuzzy Hash: a9e7e115d790d7ab1b6c8258f76f6b066b187385e6f758a6e71cb408eca818a8
                • Instruction Fuzzy Hash: 40F01CB5211108ABDB18DF99CC81EE777A9EF8C754F158589FE49AB241C630E811CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                				long _t14;
                				void* _t21;
                
                				_t3 = _a4 + 0xc60; // 0xca0
                				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                				return _t14;
                			}






                APIs
                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: AllocateMemoryVirtual
                • String ID:
                • API String ID: 2167126740-0
                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00419E90(intOrPtr _a4, void* _a8) {
                				long _t8;
                				void* _t11;
                
                				_t5 = _a4;
                				_t2 = _t5 + 0x10; // 0x300
                				_t3 = _t5 + 0xc50; // 0x40a923
                				E0041A960(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                				_t8 = NtClose(_a8); // executed
                				return _t8;
                			}






                APIs
                • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: d0743a4787c203376199df5c854c8f0ecdabda6093b03988292e8b52790fe7ee
                • Instruction ID: 2c1f6ac74f8fa030325569747522980270c955a11c871bdf13c7663867fe5cc1
                • Opcode Fuzzy Hash: d0743a4787c203376199df5c854c8f0ecdabda6093b03988292e8b52790fe7ee
                • Instruction Fuzzy Hash: 0090027120100423D11165994905707000DA7D1281FD1C412A0424598DDA968D52B561
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: df769ec08f50d5d665bc6e6fa9447a420ce3dcc0abb607ca095630d0b64b4c7d
                • Instruction ID: e186fadb4fb0ddae935ea84742a04bd7b84436d7d316062dd793127b4bac6bdf
                • Opcode Fuzzy Hash: df769ec08f50d5d665bc6e6fa9447a420ce3dcc0abb607ca095630d0b64b4c7d
                • Instruction Fuzzy Hash: 4190027120100812D1807599480564B0009A7D2341FD1C015A0025694DCE558E597BE1
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: c8cde7b4bda9b6dad402abd0098c8a61ef5ba12e1e6137a32c9738223954b28f
                • Instruction ID: 57f711476c45acda76b06f447315923c22bf648f717fd9538311994c3b4a5934
                • Opcode Fuzzy Hash: c8cde7b4bda9b6dad402abd0098c8a61ef5ba12e1e6137a32c9738223954b28f
                • Instruction Fuzzy Hash: C290027120108812D1106599880574B0009A7D1341FD5C411A4424698DCAD58C917561
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 82%
                			E0041A063(void* __eax, void* __ebx, void* _a4, long _a8, void* _a12) {
                				intOrPtr _v0;
                				char _t14;
                				void* _t21;
                
                				asm("das");
                				 *((char*)(__ebx - 0x74aaf577)) =  *((char*)(__ebx - 0x74aaf577)) + 0xec;
                				_t11 = _v0;
                				_t5 = _t11 + 0xc74; // 0xc74
                				E0041A960(_t21, _v0, _t5,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
                				_t14 = RtlFreeHeap(_a4, _a8, _a12); // executed
                				return _t14;
                			}







                APIs
                • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: c6c90522778b1c316a8c750183a4aa2df4aed0f7f1f87b027b347fb6b41a50b5
                • Instruction ID: f92c7aacafd101dabcccb5babab5f3a10f55433029814cfcb8c8ec6a4d32a853
                • Opcode Fuzzy Hash: c6c90522778b1c316a8c750183a4aa2df4aed0f7f1f87b027b347fb6b41a50b5
                • Instruction Fuzzy Hash: 02E0EDB22002066BCB18CFA4DC88E97776CAF88360F018649F9585B282C231E800CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                				char _t10;
                				void* _t15;
                
                				_t3 = _a4 + 0xc74; // 0xc74
                				E0041A960(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                				return _t10;
                			}






                APIs
                • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E0041A030(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                				void* _t10;
                				void* _t15;
                
                				E0041A960(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                				return _t10;
                			}

                APIs
                • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                Memory Dump Source
                • Source File: 00000002.00000002.651750558.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: d6398710494afdd972947d2ef387799288e6920ec4d6990eab516c24879f9353
                • Instruction ID: a6455f3710ec38fec5d8b1b647dee92fe15eae0c1b417a339a4af43ac770bc00
                • Opcode Fuzzy Hash: d6398710494afdd972947d2ef387799288e6920ec4d6990eab516c24879f9353
                • Instruction Fuzzy Hash: 4AB02B718010C0C6EB01D7A40E08717390477C1300F52C011D1030280B4738C080F5F1
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Strings
                • The instruction at %p tried to %s , xrefs: 0170B4B6
                • <unknown>, xrefs: 0170B27E, 0170B2D1, 0170B350, 0170B399, 0170B417, 0170B48E
                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0170B47D
                • *** enter .cxr %p for the context, xrefs: 0170B50D
                • The resource is owned exclusively by thread %p, xrefs: 0170B374
                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0170B2F3
                • *** enter .exr %p for the exception record, xrefs: 0170B4F1
                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0170B305
                • This failed because of error %Ix., xrefs: 0170B446
                • The resource is owned shared by %d threads, xrefs: 0170B37E
                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0170B323
                • *** Resource timeout (%p) in %ws:%s, xrefs: 0170B352
                • a NULL pointer, xrefs: 0170B4E0
                • The instruction at %p referenced memory at %p., xrefs: 0170B432
                • an invalid address, %p, xrefs: 0170B4CF
                • write to, xrefs: 0170B4A6
                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0170B53F
                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0170B38F
                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0170B2DC
                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0170B3D6
                • *** then kb to get the faulting stack, xrefs: 0170B51C
                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0170B39B
                • read from, xrefs: 0170B4AD, 0170B4B2
                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0170B484
                • *** Inpage error in %ws:%s, xrefs: 0170B418
                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0170B476
                • Go determine why that thread has not released the critical section., xrefs: 0170B3C5
                • *** An Access Violation occurred in %ws:%s, xrefs: 0170B48F
                • The critical section is owned by thread %p., xrefs: 0170B3B9
                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0170B314
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                • API String ID: 0-108210295
                • Opcode ID: e85205bb131deea33bc848ebf45b2089077469b43c34bd82556f2e39f36ae815
                • Instruction ID: a9793d8dc6754e3757a0ed75f31fd755a5056ac6fc5a2f35c28c5e2af90dbec8
                • Opcode Fuzzy Hash: e85205bb131deea33bc848ebf45b2089077469b43c34bd82556f2e39f36ae815
                • Instruction Fuzzy Hash: 6381587DA80300FFDB225B8ACC49D7B7FA6EF66A59F41008CF5061B192D3618611CB76
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 77%
                			E0168C9BF(signed int __ecx, signed int __edx, signed int _a4, intOrPtr _a12) {
                				signed int _v12;
                				char _v552;
                				char _v1072;
                				char _v1073;
                				signed int _v1080;
                				signed int _v1084;
                				signed short _v1088;
                				signed int _v1092;
                				signed short _v1094;
                				char _v1096;
                				char _v1100;
                				intOrPtr _v1104;
                				signed int _v1108;
                				char _v1112;
                				char _v1116;
                				signed short _v1120;
                				char _v1124;
                				char* _v1128;
                				char _v1132;
                				char _v1135;
                				char _v1136;
                				signed int _v1140;
                				char _v1144;
                				intOrPtr _v1148;
                				short _v1150;
                				char _v1152;
                				signed int _v1156;
                				char* _v1160;
                				char _v1164;
                				signed int _v1168;
                				signed int _v1172;
                				intOrPtr _v1176;
                				intOrPtr _v1180;
                				char _v1184;
                				signed int _v1188;
                				signed int _v1192;
                				intOrPtr _v1196;
                				char* _v1200;
                				intOrPtr _v1204;
                				char _v1208;
                				char _v1216;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				signed int _t166;
                				void* _t184;
                				signed short _t188;
                				char _t199;
                				intOrPtr _t200;
                				signed int _t205;
                				signed int _t207;
                				intOrPtr _t218;
                				short _t219;
                				char _t236;
                				char _t242;
                				signed int _t253;
                				intOrPtr _t258;
                				void* _t260;
                				signed int _t272;
                				void* _t276;
                				unsigned int _t277;
                				signed short _t279;
                				signed int _t280;
                				void* _t281;
                				void* _t305;
                
                				_t271 = __edx;
                				_v12 =  *0x174d360 ^ _t280;
                				_t253 = _a4;
                				_v1104 = _a12;
                				_t272 = __ecx;
                				_v1160 =  &_v1072;
                				_v1168 = __ecx;
                				_t166 = 0;
                				_v1073 = 0;
                				_v1084 = 0;
                				_t274 = 0;
                				_v1156 = 0;
                				_v1164 = 0x2080000;
                				_v1096 = 0;
                				_v1092 = 0;
                				_v1112 = 0;
                				_v1108 = 0;
                				_v1100 = 0;
                				if(__ecx == 0) {
                					L67:
                					_push(_t166);
                					_push(_t253);
                					_push(_t271);
                					_push(_t272);
                					E016E5720(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
                					_t274 = 0xc000000d;
                					L21:
                					if(_v1073 == 0) {
                						L23:
                						if(_v1092 != 0) {
                							E0165AD30(_v1092);
                						}
                						L24:
                						if(_v1084 != 0) {
                							_push(_v1084);
                							E016995D0();
                						}
                						_t170 = _v1156;
                						if(_v1156 != 0) {
                							L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t170);
                						}
                						L26:
                						return E0169B640(_t274, _t253, _v12 ^ _t280, _t271, _t272, _t274);
                					}
                					L22:
                					_v1144 = _v1100;
                					E0168CCC0(4,  &_v1144, _v1104);
                					goto L23;
                				}
                				if(__edx == 0 || _t253 < 1 || _t253 >  *((intOrPtr*)(__ecx + 4))) {
                					_t166 =  *((intOrPtr*)(_t272 + 4));
                					goto L67;
                				} else {
                					if( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) + _t253 * 4)) != 0) {
                						goto L26;
                					}
                					asm("lfence");
                					_t258 =  *((intOrPtr*)(__edx + 0x18));
                					_t260 =  *((intOrPtr*)(_t258 + __edx + 0x10)) + __edx;
                					_t276 =  *((intOrPtr*)(_t253 * 0x18 +  *((intOrPtr*)(_t258 + __edx + 0xc)) + __edx + 0x10)) + __edx;
                					_t181 =  *((intOrPtr*)(_t276 + 0x50));
                					if( *((intOrPtr*)(_t276 + 0x50)) > 0xfffe) {
                						_push(__edx);
                						E016E5720(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", _t181);
                						_t274 = 0xc0000106;
                						goto L23;
                					}
                					if(( *(_t276 + 4) & 0x00000010) != 0) {
                						_v1080 =  &_v1164;
                						_t272 =  *((intOrPtr*)(_t276 + 0x18)) + _t260;
                						if(_t272 != 0) {
                							_t184 = L016A13D0(_t272, 0x5c);
                							if(_t184 != 0) {
                								_t188 = 0x00000004 + (_t184 - _t272 >> 0x00000001) * 0x00000002 & 0x0000ffff;
                								_v1088 = _t188;
                								_t277 = _t188 & 0x0000ffff;
                								if(_t188 <= 0x208) {
                									_t264 = _v1080;
                									L39:
                									E0169F3E0( *((intOrPtr*)(_t264 + 4)), _t272, _t277 - 2);
                									_t281 = _t281 + 0xc;
                									 *((short*)( *((intOrPtr*)(_v1080 + 4)) + (_t277 >> 1) * 2 - 2)) = 0;
                									 *_v1080 = _v1088 + 0xfffffffe;
                									L18:
                									if(_v1084 == 0) {
                										if(E01666A00( *((intOrPtr*)(_v1080 + 4)),  &_v1112, 0,  &_v1184) != 0) {
                											_v1156 = _v1108;
                											_t199 = _v1184;
                											if(_t199 == 0) {
                												_t200 = 0;
                											} else {
                												_v1112 = _t199;
                												_v1108 = _v1180;
                												_t200 = _v1176;
                											}
                											_v1192 = _v1192 & 0x00000000;
                											_v1188 = _v1188 & 0x00000000;
                											_v1204 = _t200;
                											_push(0x21);
                											_v1200 =  &_v1112;
                											_push(3);
                											_push( &_v1216);
                											_v1208 = 0x18;
                											_push( &_v1208);
                											_push(0x100020);
                											_v1196 = 0x40;
                											_push( &_v1084);
                											_t205 = E01699830();
                											_t272 = _v1172;
                											_t274 = _t205;
                											if(_t272 != 0) {
                												asm("lock xadd [edi], eax");
                												if((_t205 | 0xffffffff) == 0) {
                													_push( *((intOrPtr*)(_t272 + 4)));
                													E016995D0();
                													L016777F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t272);
                												}
                											}
                											if(_t274 >= 0) {
                												goto L19;
                											} else {
                												_push(_t274);
                												E016E5720(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n",  *((intOrPtr*)(_v1080 + 4)));
                												goto L21;
                											}
                										}
                										E016E5720(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n",  *((intOrPtr*)(_v1080 + 4)));
                										_t274 = 0xc000003a;
                										goto L21;
                									}
                									L19:
                									_t271 = _t253;
                									_t207 = E0168CE6C(_v1168, _t253, _v1080,  &_v1084);
                									_t274 = _t207;
                									if(_t207 < 0) {
                										E016E5720(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t274);
                									} else {
                										_t274 = 0;
                									}
                									goto L21;
                								}
                								_v1094 = _t188;
                								_t218 = E01673A1C(_t277);
                								_v1092 = _t218;
                								if(_t218 != 0) {
                									_t264 =  &_v1096;
                									_v1080 =  &_v1096;
                									goto L39;
                								}
                								_t274 = 0xc0000017;
                								goto L24;
                							}
                							_t274 = 0xc00000e5;
                							goto L23;
                						}
                						_t274 = 0xc00000e5;
                						goto L26;
                					}
                					_v1080 = _v1080 & 0x00000000;
                					_t219 =  *((intOrPtr*)(_t276 + 0x50));
                					_v1152 = _t219;
                					_v1150 = _t219;
                					_v1144 = __edx;
                					_v1148 =  *((intOrPtr*)(_t276 + 0x54)) + _t260;
                					_v1140 = _t253;
                					_v1128 =  &_v552;
                					_v1136 = 0;
                					_v1132 = 0x2160000;
                					_v1124 = 0;
                					_v1116 = 0;
                					_v1120 = 0;
                					E0168CCC0(1,  &_v1144, _v1104);
                					if(_v1116 != 0) {
                						_t274 = 0xc0000120;
                						goto L23;
                					}
                					if(_v1124 != 0) {
                						_t271 =  &_v1132;
                						_t274 = E0168CF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
                						if(_t274 >= 0) {
                							_t271 = _t253;
                							_t274 = E0168CE6C(_t272, _t253,  &_v1132,  &_v1084);
                							if(_t274 < 0) {
                								_push(_t274);
                								_push(_t253);
                								_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
                								L44:
                								_push(0);
                								_push(0x33);
                								E016E5720();
                								goto L23;
                							}
                							_t274 = 0;
                							goto L23;
                						}
                						_push(_t274);
                						_push( &_v1132);
                						_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
                						goto L44;
                					}
                					_t279 = _v1120;
                					_t272 = 0;
                					_t236 = _v1136;
                					_v1100 = _t236;
                					_v1088 = _t279;
                					_v1073 = 1;
                					if(_t279 == 0) {
                						L16:
                						_t305 = _t272 - _t279;
                						L17:
                						if(_t305 == 0) {
                							L54:
                							_push(_t272);
                							E016E5720(0x33, 0, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
                							_t274 = 0xc0150004;
                							goto L22;
                						}
                						goto L18;
                					} else {
                						goto L10;
                					}
                					while(1) {
                						L10:
                						_v1144 = _t236;
                						_v1128 =  &_v552;
                						_v1140 = _t272;
                						_v1132 = 0x2160000;
                						_v1136 = 0;
                						E0168CCC0(2,  &_v1144, _v1104);
                						if(_v1136 != 0) {
                							break;
                						}
                						_t242 = _v1132;
                						if(_v1135 != 0) {
                							if(_t242 == 0) {
                								goto L54;
                							}
                							_t119 = _t272 + 1; // 0x1
                							_t279 = _t119;
                							_v1088 = _t279;
                						}
                						if(_t242 == 0) {
                							L27:
                							_t272 = _t272 + 1;
                							if(_t272 >= _t279) {
                								goto L17;
                							} else {
                								_t236 = _v1100;
                								continue;
                							}
                						}
                						if(_v1084 != 0) {
                							_push(_v1084);
                							E016995D0();
                							_v1084 = _v1084 & 0x00000000;
                						}
                						_t271 =  &_v1132;
                						_t274 = E0168CF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
                						if(_t274 < 0) {
                							if(_t274 != 0xc0150004) {
                								_push(_t274);
                								_push( &_v1152);
                								E016E5720(0x33, 0, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1132);
                								goto L22;
                							}
                							_t279 = _v1088;
                							goto L27;
                						} else {
                							_t279 = _v1088;
                							goto L16;
                						}
                					}
                					_t274 = 0xc0000120;
                					goto L22;
                				}
                			}

                Strings
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 016CAAA0
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 016CAC2C
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 016CAA1A
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 016CAC27
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016CA8EC
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016CABF3
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 016CAB0E
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016CAAC8
                • @, xrefs: 016CABA3
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 016CAA11
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 016CAC0A
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                • API String ID: 0-4009184096
                • Opcode ID: 556c1b4028630943d7ae369b62a2b790800ae28bfeffb97aec13ee81c74e1e19
                • Instruction ID: 76f034245aae4de4c65330becb449c0ae7ec63770e1ce718df07a810d9527981
                • Opcode Fuzzy Hash: 556c1b4028630943d7ae369b62a2b790800ae28bfeffb97aec13ee81c74e1e19
                • Instruction Fuzzy Hash: 540260F1D006299BDB31DB58CD80BEAB7B9AF54704F4042DEE609A7241E7309E85CF69
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 59%
                			E01714AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                				signed int _v6;
                				signed int _v8;
                				signed int _v12;
                				signed int _v16;
                				signed int _v20;
                				signed int _v24;
                				signed int _v28;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				void* __ebp;
                				signed int _t189;
                				intOrPtr _t191;
                				intOrPtr _t210;
                				signed int _t225;
                				signed char _t231;
                				intOrPtr _t232;
                				unsigned int _t245;
                				intOrPtr _t249;
                				intOrPtr _t259;
                				signed int _t281;
                				signed int _t283;
                				intOrPtr _t284;
                				signed int _t288;
                				signed int* _t294;
                				signed int* _t298;
                				intOrPtr* _t299;
                				intOrPtr* _t300;
                				signed int _t307;
                				signed int _t309;
                				signed short _t312;
                				signed short _t315;
                				signed int _t317;
                				signed int _t320;
                				signed int _t322;
                				signed int _t326;
                				signed int _t327;
                				void* _t328;
                				signed int _t332;
                				signed int _t340;
                				signed int _t342;
                				signed char _t344;
                				signed int* _t345;
                				void* _t346;
                				signed char _t352;
                				signed char _t367;
                				signed int _t374;
                				intOrPtr* _t378;
                				signed int _t380;
                				signed int _t385;
                				signed char _t390;
                				unsigned int _t392;
                				signed char _t395;
                				unsigned int _t397;
                				intOrPtr* _t400;
                				signed int _t402;
                				signed int _t405;
                				intOrPtr* _t406;
                				signed int _t407;
                				intOrPtr _t412;
                				void* _t414;
                				signed int _t415;
                				signed int _t416;
                				signed int _t429;
                
                				_v16 = _v16 & 0x00000000;
                				_t189 = 0;
                				_v8 = _v8 & 0;
                				_t332 = __edx;
                				_v12 = 0;
                				_t414 = __ecx;
                				_t415 = __edx;
                				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                					L88:
                					_t416 = _v16;
                					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                							L107:
                							return 1;
                						}
                						_t191 =  *[fs:0x30];
                						__eflags =  *(_t191 + 0xc);
                						if( *(_t191 + 0xc) == 0) {
                							_push("HEAP: ");
                							E0165B150();
                						} else {
                							E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                						}
                						_push(_v12);
                						_push( *((intOrPtr*)(_t332 + 0x30)));
                						_push(_t332);
                						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                						L122:
                						E0165B150();
                						L119:
                						return 0;
                					}
                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                						_push("HEAP: ");
                						E0165B150();
                					} else {
                						E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                					}
                					_push(_t416);
                					_push( *((intOrPtr*)(_t332 + 0x2c)));
                					_push(_t332);
                					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                					goto L122;
                				} else {
                					goto L1;
                				}
                				do {
                					L1:
                					 *_a16 = _t415;
                					if( *(_t414 + 0x4c) != 0) {
                						_t392 =  *(_t414 + 0x50) ^  *_t415;
                						 *_t415 = _t392;
                						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                						_t424 = _t392 >> 0x18 - _t352;
                						if(_t392 >> 0x18 != _t352) {
                							_push(_t352);
                							E0170FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                						}
                					}
                					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                						_t210 =  *[fs:0x30];
                						__eflags =  *(_t210 + 0xc);
                						if( *(_t210 + 0xc) == 0) {
                							_push("HEAP: ");
                							E0165B150();
                						} else {
                							E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                						}
                						_push(_v8 & 0x0000ffff);
                						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                						__eflags = _t340;
                						_push(_t340);
                						E0165B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                						L117:
                						__eflags =  *(_t414 + 0x4c);
                						if( *(_t414 + 0x4c) != 0) {
                							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                							__eflags =  *_t415;
                						}
                						goto L119;
                					}
                					_t225 =  *_t415 & 0x0000ffff;
                					_t390 =  *(_t415 + 2);
                					_t342 = _t225;
                					_v8 = _t342;
                					_v20 = _t342;
                					_v28 = _t225 << 3;
                					if((_t390 & 0x00000001) == 0) {
                						__eflags =  *(_t414 + 0x40) & 0x00000040;
                						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                						__eflags = _t344 & 0x00000001;
                						if((_t344 & 0x00000001) == 0) {
                							L66:
                							_t345 = _a12;
                							 *_a8 =  *_a8 + 1;
                							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                							__eflags =  *_t345;
                							L67:
                							_t231 =  *(_t415 + 6);
                							if(_t231 == 0) {
                								_t346 = _t414;
                							} else {
                								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                							}
                							if(_t346 != _t332) {
                								_t232 =  *[fs:0x30];
                								__eflags =  *(_t232 + 0xc);
                								if( *(_t232 + 0xc) == 0) {
                									_push("HEAP: ");
                									E0165B150();
                								} else {
                									E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                								}
                								_push( *(_t415 + 6) & 0x000000ff);
                								_push(_t415);
                								_push("Heap block at %p has incorrect segment offset (%x)\n");
                								goto L95;
                							} else {
                								if( *((char*)(_t415 + 7)) != 3) {
                									__eflags =  *(_t414 + 0x4c);
                									if( *(_t414 + 0x4c) != 0) {
                										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                										__eflags =  *_t415;
                									}
                									_t415 = _t415 + _v28;
                									__eflags = _t415;
                									goto L86;
                								}
                								_t245 =  *(_t415 + 0x1c);
                								if(_t245 == 0) {
                									_t395 =  *_t415 & 0x0000ffff;
                									_v6 = _t395 >> 8;
                									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                										__eflags =  *(_t414 + 0x4c);
                										if( *(_t414 + 0x4c) != 0) {
                											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                											__eflags =  *_t415;
                										}
                										goto L107;
                									}
                									_t249 =  *[fs:0x30];
                									__eflags =  *(_t249 + 0xc);
                									if( *(_t249 + 0xc) == 0) {
                										_push("HEAP: ");
                										E0165B150();
                									} else {
                										E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                									}
                									_push( *((intOrPtr*)(_t332 + 0x28)));
                									_push(_t415);
                									_push("Heap block at %p is not last block in segment (%p)\n");
                									L95:
                									E0165B150();
                									goto L117;
                								}
                								_v12 = _v12 + 1;
                								_v16 = _v16 + (_t245 >> 0xc);
                								if( *(_t414 + 0x4c) != 0) {
                									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                								}
                								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                									L82:
                									_v8 = _v8 & 0x00000000;
                									goto L86;
                								} else {
                									if( *(_t414 + 0x4c) != 0) {
                										_t397 =  *(_t414 + 0x50) ^  *_t415;
                										 *_t415 = _t397;
                										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                										_t442 = _t397 >> 0x18 - _t367;
                										if(_t397 >> 0x18 != _t367) {
                											_push(_t367);
                											E0170FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                										}
                									}
                									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                										_t259 =  *[fs:0x30];
                										__eflags =  *(_t259 + 0xc);
                										if( *(_t259 + 0xc) == 0) {
                											_push("HEAP: ");
                											E0165B150();
                										} else {
                											E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                										}
                										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                										_push(_t415);
                										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                										goto L95;
                									} else {
                										if( *(_t414 + 0x4c) != 0) {
                											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                										}
                										goto L82;
                									}
                								}
                							}
                						}
                						_t281 = _v28 + 0xfffffff0;
                						_v24 = _t281;
                						__eflags = _t390 & 0x00000002;
                						if((_t390 & 0x00000002) != 0) {
                							__eflags = _t281 - 4;
                							if(_t281 > 4) {
                								_t281 = _t281 - 4;
                								__eflags = _t281;
                								_v24 = _t281;
                							}
                						}
                						__eflags = _t390 & 0x00000008;
                						if((_t390 & 0x00000008) == 0) {
                							_t102 = _t415 + 0x10; // -8
                							_t283 = E016AD540(_t102, _t281, 0xfeeefeee);
                							_v20 = _t283;
                							__eflags = _t283 - _v24;
                							if(_t283 != _v24) {
                								_t284 =  *[fs:0x30];
                								__eflags =  *(_t284 + 0xc);
                								if( *(_t284 + 0xc) == 0) {
                									_push("HEAP: ");
                									E0165B150();
                								} else {
                									E0165B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                								}
                								_t288 = _v20 + 8 + _t415;
                								__eflags = _t288;
                								_push(_t288);
                								_push(_t415);
                								_push("Free Heap block %p modified at %p after it was freed\n");
                								goto L95;
                							}
                							goto L66;
                						} else {
                							_t374 =  *(_t415 + 8);
                							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                							_v24 = _t374;
                							_v28 = _t400;
                							_t294 =  *(_t374 + 4);
                							__eflags =  *_t400 - _t294;
                							if( *_t400 != _t294) {
                								L64:
                								_push(_t374);
                								_push( *_t400);
                								_t101 = _t415 + 8; // -16
                								E0171A80D(_t414, 0xd, _t101, _t294);
                								goto L86;
                							}
                							_t56 = _t415 + 8; // -16
                							__eflags =  *_t400 - _t56;
                							_t374 = _v24;
                							if( *_t400 != _t56) {
                								goto L64;
                							}
                							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                							_t402 =  *(_t414 + 0xb4);
                							__eflags = _t402;
                							if(_t402 == 0) {
                								L35:
                								_t298 = _v28;
                								 *_t298 = _t374;
                								 *(_t374 + 4) = _t298;
                								__eflags =  *(_t415 + 2) & 0x00000008;
                								if(( *(_t415 + 2) & 0x00000008) == 0) {
                									L39:
                									_t377 =  *_t415 & 0x0000ffff;
                									_t299 = _t414 + 0xc0;
                									_v28 =  *_t415 & 0x0000ffff;
                									 *(_t415 + 2) = 0;
                									 *((char*)(_t415 + 7)) = 0;
                									__eflags =  *(_t414 + 0xb4);
                									if( *(_t414 + 0xb4) == 0) {
                										_t378 =  *_t299;
                									} else {
                										_t378 = E0167E12C(_t414, _t377);
                										_t299 = _t414 + 0xc0;
                									}
                									__eflags = _t299 - _t378;
                									if(_t299 == _t378) {
                										L51:
                										_t300 =  *((intOrPtr*)(_t378 + 4));
                										__eflags =  *_t300 - _t378;
                										if( *_t300 != _t378) {
                											_push(_t378);
                											_push( *_t300);
                											__eflags = 0;
                											E0171A80D(0, 0xd, _t378, 0);
                										} else {
                											_t87 = _t415 + 8; // -16
                											_t406 = _t87;
                											 *_t406 = _t378;
                											 *((intOrPtr*)(_t406 + 4)) = _t300;
                											 *_t300 = _t406;
                											 *((intOrPtr*)(_t378 + 4)) = _t406;
                										}
                										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                										_t405 =  *(_t414 + 0xb4);
                										__eflags = _t405;
                										if(_t405 == 0) {
                											L61:
                											__eflags =  *(_t414 + 0x4c);
                											if(__eflags != 0) {
                												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                											}
                											goto L86;
                										} else {
                											_t380 =  *_t415 & 0x0000ffff;
                											while(1) {
                												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                													break;
                												}
                												_t307 =  *_t405;
                												__eflags = _t307;
                												if(_t307 == 0) {
                													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                													L60:
                													_t94 = _t415 + 8; // -16
                													E0167E4A0(_t414, _t405, 1, _t94, _t309, _t380);
                													goto L61;
                												}
                												_t405 = _t307;
                											}
                											_t309 = _t380;
                											goto L60;
                										}
                									} else {
                										_t407 =  *(_t414 + 0x4c);
                										while(1) {
                											__eflags = _t407;
                											if(_t407 == 0) {
                												_t312 =  *(_t378 - 8) & 0x0000ffff;
                											} else {
                												_t315 =  *(_t378 - 8);
                												_t407 =  *(_t414 + 0x4c);
                												__eflags = _t315 & _t407;
                												if((_t315 & _t407) != 0) {
                													_t315 = _t315 ^  *(_t414 + 0x50);
                													__eflags = _t315;
                												}
                												_t312 = _t315 & 0x0000ffff;
                											}
                											__eflags = _v28 - (_t312 & 0x0000ffff);
                											if(_v28 <= (_t312 & 0x0000ffff)) {
                												goto L51;
                											}
                											_t378 =  *_t378;
                											__eflags = _t414 + 0xc0 - _t378;
                											if(_t414 + 0xc0 != _t378) {
                												continue;
                											}
                											goto L51;
                										}
                										goto L51;
                									}
                								}
                								_t317 = E0167A229(_t414, _t415);
                								__eflags = _t317;
                								if(_t317 != 0) {
                									goto L39;
                								}
                								E0167A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                								goto L86;
                							}
                							_t385 =  *_t415 & 0x0000ffff;
                							while(1) {
                								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                									break;
                								}
                								_t320 =  *_t402;
                								__eflags = _t320;
                								if(_t320 == 0) {
                									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                									L34:
                									_t63 = _t415 + 8; // -16
                									E0167BC04(_t414, _t402, 1, _t63, _t322, _t385);
                									_t374 = _v24;
                									goto L35;
                								}
                								_t402 = _t320;
                							}
                							_t322 = _t385;
                							goto L34;
                						}
                					}
                					if(_a20 == 0) {
                						L18:
                						if(( *(_t415 + 2) & 0x00000004) == 0) {
                							goto L67;
                						}
                						if(E017023E3(_t414, _t415) == 0) {
                							goto L117;
                						}
                						goto L67;
                					} else {
                						if((_t390 & 0x00000002) == 0) {
                							_t326 =  *(_t415 + 3) & 0x000000ff;
                						} else {
                							_t328 = E01651F5B(_t415);
                							_t342 = _v20;
                							_t326 =  *(_t328 + 2) & 0x0000ffff;
                						}
                						_t429 = _t326;
                						if(_t429 == 0) {
                							goto L18;
                						}
                						if(_t429 >= 0) {
                							__eflags = _t326 & 0x00000800;
                							if(__eflags != 0) {
                								goto L18;
                							}
                							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                							if(__eflags >= 0) {
                								goto L18;
                							}
                							_t412 = _a20;
                							_t327 = _t326 & 0x0000ffff;
                							L17:
                							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                							goto L18;
                						}
                						_t327 = _t326 & 0x00007fff;
                						if(_t327 >= 0x81) {
                							goto L18;
                						}
                						_t412 = _a24;
                						goto L17;
                					}
                					L86:
                				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                				_t189 = _v12;
                				goto L88;
                			}

                0x00000000
                0x01714c64
                0x01714c17
                0x01714b75
                0x01714bc4
                0x01714bc8
                0x00000000
                0x00000000
                0x01714bd9
                0x00000000
                0x00000000
                0x00000000
                0x01714b77
                0x01714b7a
                0x01714b8c
                0x01714b7c
                0x01714b7e
                0x01714b83
                0x01714b86
                0x01714b86
                0x01714b90
                0x01714b93
                0x00000000
                0x00000000
                0x01714b95
                0x01714bab
                0x01714bb0
                0x00000000
                0x00000000
                0x01714bb2
                0x01714bb9
                0x00000000
                0x00000000
                0x01714bbb
                0x01714bbe
                0x01714bc1
                0x01714bc1
                0x00000000
                0x01714bc1
                0x01714b97
                0x01714ba4
                0x00000000
                0x00000000
                0x01714ba6
                0x00000000
                0x01714ba6
                0x01714ea9
                0x01714ea9
                0x01714eb2
                0x00000000

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                • API String ID: 0-3591852110
                • Opcode ID: 7e94c90a7a9e1a455d32494850c0bdb2b3b207728f5ee89b6acff8ac75858984
                • Instruction ID: 2d4a3397c54e719feffa80a0c248b1b06d3e36b6d12a0ff55a28fe1613bff878
                • Opcode Fuzzy Hash: 7e94c90a7a9e1a455d32494850c0bdb2b3b207728f5ee89b6acff8ac75858984
                • Instruction Fuzzy Hash: 62129D302006429FDB29CF6DC895AB6FBE6FF49710F18845DE9868B685D734E981CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                • API String ID: 0-2224505338
                • Opcode ID: 9ebb17212d83e4f4691081669adea57823a49272fe28749ae80012608231dc1f
                • Instruction ID: 5fb3800da98affc70d3f4a8765349ec9a67d28d64820faea5234c7273540d244
                • Opcode Fuzzy Hash: 9ebb17212d83e4f4691081669adea57823a49272fe28749ae80012608231dc1f
                • Instruction Fuzzy Hash: 7A51F832241285EFD761EBADCC85E6AF7E6FB04A31F14846DF8069B345C674D940CB19
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$MUI$R$T${
                • API String ID: 0-2515562510
                • Opcode ID: 2234abae3d86c1c118da2f9711110bc8a9b291d76107846b7f38fadb5fd97108
                • Instruction ID: b7e5cb2652101e2a1655336c25b8d7cd86949c6e3397432abdbaa796104078b8
                • Opcode Fuzzy Hash: 2234abae3d86c1c118da2f9711110bc8a9b291d76107846b7f38fadb5fd97108
                • Instruction Fuzzy Hash: 5D923771E04219CFDB64DF98CC80BAEBBB9FF45704F248299D959AB341D774A982CB40
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-523794902
                • Opcode ID: 2d5d12afbeffd494b50dffaf9d6547c14db9785ab02d61019e363fea5cb95c4a
                • Instruction ID: 43eb277e5a295835b2d4fe81b9ceec474120a863146560d4c2d0d7004c190301
                • Opcode Fuzzy Hash: 2d5d12afbeffd494b50dffaf9d6547c14db9785ab02d61019e363fea5cb95c4a
                • Instruction Fuzzy Hash: 5C42DD31604382DFD715DF68CC94A2ABBE6FF88614F08496DE986CB352D734D982CB52
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                • API String ID: 0-1745908468
                • Opcode ID: 4480ef31fb3f1290a691e9ce7d49362256e6c9494f7c77a840fbaee45b115fe7
                • Instruction ID: ac6540e728f135fbdb8704f7bb2146eb14b68accbbed8e2a9b684ee244aab13b
                • Opcode Fuzzy Hash: 4480ef31fb3f1290a691e9ce7d49362256e6c9494f7c77a840fbaee45b115fe7
                • Instruction Fuzzy Hash: DB91F135600685DFDB22DFACC854AADFBF3BF49720F28805DE5465B296C7329982CB14
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • Kernel-MUI-Number-Allowed, xrefs: 01663D8C
                • Kernel-MUI-Language-SKU, xrefs: 01663F70
                • Kernel-MUI-Language-Allowed, xrefs: 01663DC0
                • WindowsExcludedProcs, xrefs: 01663D6F
                • Kernel-MUI-Language-Disallowed, xrefs: 01663E97
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                • API String ID: 0-258546922
                • Opcode ID: 2eb8a16f62584e864245fcd6b2281f4978c694f589c77a660d0151d2da7dece8
                • Instruction ID: f60531f50b20b61c11bd21f966e2bfc843349c0bb0c6f2ed0555743dc0e28c91
                • Opcode Fuzzy Hash: 2eb8a16f62584e864245fcd6b2281f4978c694f589c77a660d0151d2da7dece8
                • Instruction Fuzzy Hash: A9F13A72D00629EBCB11DF98CD80AEEBBBDFF58650F15406AE905A7350DB359E41CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                • API String ID: 0-188067316
                • Opcode ID: 4a34eae717ed8f520a4f76cecf04f38ef40b0d803c0912c48414174c5fd89adb
                • Instruction ID: 27652f36e3758a0fcedd1890a634983e246c09ec6c485b17f6ed6c3923aa20a5
                • Opcode Fuzzy Hash: 4a34eae717ed8f520a4f76cecf04f38ef40b0d803c0912c48414174c5fd89adb
                • Instruction Fuzzy Hash: 91012836111281FED3799779EC4DF937BB5DB42B31F18806EF4064B7818BA89480CB28
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: #$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                • API String ID: 0-3266796247
                • Opcode ID: ae0b5a26ca94cdde1cf5a85e586a510b38037b580557aa76cece8b7313197502
                • Instruction ID: f4bb26f69bf5f57a2b6f600112775dd0f474e3a21f0daf3b7ec859fd08648688
                • Opcode Fuzzy Hash: ae0b5a26ca94cdde1cf5a85e586a510b38037b580557aa76cece8b7313197502
                • Instruction Fuzzy Hash: 7E32AB31A012698BDF72DB18CC94BF9BBB9AF45340F2442EAE849A7351D7309E81CF54
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 016C2403
                • HEAP: , xrefs: 016C22E6, 016C23F6
                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 016C22F3
                • HEAP[%wZ]: , xrefs: 016C22D7, 016C23E7
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                • API String ID: 0-1657114761
                • Opcode ID: 773718fee2da61a36a2bf5c28dd508dfcc8f3a71b1fb7515a491e993ff6e2286
                • Instruction ID: 1d9c7407183af69726287b2745ba1767bfea181b274235138cd51d1199d73de8
                • Opcode Fuzzy Hash: 773718fee2da61a36a2bf5c28dd508dfcc8f3a71b1fb7515a491e993ff6e2286
                • Instruction Fuzzy Hash: 92D1B034A002459FDB19DFA8C990BBEB7F2FF48300F19856DD95A9B346E334A946CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016C3513
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 016C34D0
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 016C348D
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 016C344A
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                • API String ID: 0-1468400865
                • Opcode ID: b33aaa821310fe8e0605347310b0c0edae863a10aeb94365f0c7201b6c0234ad
                • Instruction ID: ffb297aafac99dc0a2374dc4f864362c16f455240f5a15cf9c9e8d822b7b1831
                • Opcode Fuzzy Hash: b33aaa821310fe8e0605347310b0c0edae863a10aeb94365f0c7201b6c0234ad
                • Instruction Fuzzy Hash: 8271EDB1904301AFCB21DF98CC84B9B7FA9EF54764F40886CFA598B242D734D589CB96
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                • API String ID: 2994545307-2586055223
                • Opcode ID: 522b489df8d4395b1f4ac4516d1bd8748b5163fdb3494211cd2a92d64e6b0cb7
                • Instruction ID: fcfee2d0dd8ea6bbbc0bafa01ecabeb129aa7a3f1cfa3bf1a858f8695f5d6b3d
                • Opcode Fuzzy Hash: 522b489df8d4395b1f4ac4516d1bd8748b5163fdb3494211cd2a92d64e6b0cb7
                • Instruction Fuzzy Hash: 8C51F5322056819FD722DBA8CC48F7B7BE9EF81B50F08056CF9618B392D724E941CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                • API String ID: 2994545307-336120773
                • Opcode ID: bbb8c1c5d9a36ed72cb63587d6d054572842dfa123f82b8620e427011e2c6336
                • Instruction ID: c363fc8c3045fff0bf8052c8110e0eeb694743d184891892e5ca8a0b435ef94c
                • Opcode Fuzzy Hash: bbb8c1c5d9a36ed72cb63587d6d054572842dfa123f82b8620e427011e2c6336
                • Instruction Fuzzy Hash: E631F232200101EFD760DBADCC85F66B7EAEF05B21F164099F906AB285D770AA40CB6D
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                • API String ID: 0-1391187441
                • Opcode ID: 0c25f07290c5fae1ac27a815ea376c65bcd8dcf70ca208740925958be503e103
                • Instruction ID: 1158e859ab901c8e5d4a604176369993ef87302b4dadf4a04a1c8092d5475eaf
                • Opcode Fuzzy Hash: 0c25f07290c5fae1ac27a815ea376c65bcd8dcf70ca208740925958be503e103
                • Instruction Fuzzy Hash: 2731F432A00144AFDB51DB99CC84FAABBF9EF44720F154069FD15AB391DB70E980CB64
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                • API String ID: 0-4256168463
                • Opcode ID: e003f8e15adf5cfb58574de760cabf729e65a261d2a2ee9e1de76d43279f24a4
                • Instruction ID: a057e9431419db3f28492d60d19a7ff95ee21cd254a5aa59d16331d817496bce
                • Opcode Fuzzy Hash: e003f8e15adf5cfb58574de760cabf729e65a261d2a2ee9e1de76d43279f24a4
                • Instruction Fuzzy Hash: DD01F9321102019FCB61EF7DCC44FA6B7EAFB45E30F208499E8069B385DA70E945CA58
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                • API String ID: 0-3178619729
                • Opcode ID: 7b23945ecdedefbdf0f7c39edd3bb7cd720a341e6acf268b4d1b09ff71d424a1
                • Instruction ID: 6cb4fff106f8702a9513e3e373515ed74b24b7d73923d379a03e63932c87ab3f
                • Opcode Fuzzy Hash: 7b23945ecdedefbdf0f7c39edd3bb7cd720a341e6acf268b4d1b09ff71d424a1
                • Instruction Fuzzy Hash: 0A22C070600246DFEB25DF29CC54B7ABBE6EF46B14F28856DE8568B382D731D881CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                • Opcode ID: 43aa8416b0572b8999fbab27e5d78182ffd311c87e0fe7cc3ac86e24186bf09d
                • Instruction ID: 9d24a53c2bcd535842d1b4276ea895cd3732b6b086a8689adbe455d61faef8bf
                • Opcode Fuzzy Hash: 43aa8416b0572b8999fbab27e5d78182ffd311c87e0fe7cc3ac86e24186bf09d
                • Instruction Fuzzy Hash: 42E16A70600245DFDB19CF68CC94BBABBB6FB44704F1481ADE9169B395D734E981CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                • API String ID: 0-1145731471
                • Opcode ID: d0f3f6242f71d51d0c472afcbccc53f427c271adc7795235d0cf973a4d9743d1
                • Instruction ID: 753c0b1005fbec642b58e982cdf4fdc473161921196aaa77120944f99d75573f
                • Opcode Fuzzy Hash: d0f3f6242f71d51d0c472afcbccc53f427c271adc7795235d0cf973a4d9743d1
                • Instruction Fuzzy Hash: 8DB1D271A006569FDF15CF69EC81BACBB7ABF44318F188129E911EB394D730E850CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                • Opcode ID: 48c1ca98210ab9d0261a0b1dfbf1923903aeb6730af65ca381a14a75e76022a7
                • Instruction ID: 67da3ac7ea5340c51d689320f14df11e5b6829b319254c74ab7095f9be887cbc
                • Opcode Fuzzy Hash: 48c1ca98210ab9d0261a0b1dfbf1923903aeb6730af65ca381a14a75e76022a7
                • Instruction Fuzzy Hash: 3CA14B719116299BDB31DF68CC88BEAB7B8EF44710F1041EAE908A7250D735AEC5CF94
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0170256F
                • HEAP: , xrefs: 0170255C
                • HEAP[%wZ]: , xrefs: 0170254F
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                • API String ID: 0-3815128232
                • Opcode ID: b2ebc7d8dd4cd59c6cd7e71a65ad2a339745430bf2f5e8a0b96c1cd41dd3b68d
                • Instruction ID: ad72254d1fcdbd2fc8cc9729a893bc0f5bbc4b13c72460f2688fbc2448e77546
                • Opcode Fuzzy Hash: b2ebc7d8dd4cd59c6cd7e71a65ad2a339745430bf2f5e8a0b96c1cd41dd3b68d
                • Instruction Fuzzy Hash: A951E336100350DAE776CA2EC85C772FBF1DB44645F66889AF8C28B2C7D266DC46DB21
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • HEAP: , xrefs: 016C42AF
                • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 016C42BA
                • HEAP[%wZ]: , xrefs: 016C42A2
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                • API String ID: 0-1596344177
                • Opcode ID: 7d054246b219ae526252679200ef38a0c282f8e451fce2384d8e16e614ab4d1d
                • Instruction ID: 1d0e131911c37f50994ac606f15d3188b1132db05c6f7790370590b648017fe3
                • Opcode Fuzzy Hash: 7d054246b219ae526252679200ef38a0c282f8e451fce2384d8e16e614ab4d1d
                • Instruction Fuzzy Hash: DD51EC34A00515EFDB18DF68C984A7ABBF2FF84710F2581E9E8159B342D732AD46CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • minkernel\ntdll\ldrinit.c, xrefs: 016D00A4
                • Failed to reallocate the system dirs string !, xrefs: 016D0093
                • LdrpInitializePerUserWindowsDirectory, xrefs: 016D009A
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1783798831
                • Opcode ID: 7b1c527a03bc9cf7600f8759d98d37f3417ca2c09082770b5290eaaa8bac396d
                • Instruction ID: 85fb894ff23772948d4e2dd72bfcb297c0e242e0c088ad97749f31a54574ddf3
                • Opcode Fuzzy Hash: 7b1c527a03bc9cf7600f8759d98d37f3417ca2c09082770b5290eaaa8bac396d
                • Instruction Fuzzy Hash: 8B41F279915302ABC722EF68DC44B5B7BEDEB44620F04852FF94597251EB70D8018B95
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-2558761708
                • Opcode ID: 7fed49178b1f7e2ba41e8811a93efc724afddf59052bf0ecc45ea42911ae507f
                • Instruction ID: e9c84d907ccdb6c0f23a8f0a1730d415b094402eeaee17e7e981641ef91da9e4
                • Opcode Fuzzy Hash: 7fed49178b1f7e2ba41e8811a93efc724afddf59052bf0ecc45ea42911ae507f
                • Instruction Fuzzy Hash: 381104313041069FE769DB29CC94B36B7A6EF41A21F19812EE85BCF341D730D841CB49
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: $$.mui
                • API String ID: 0-2138749814
                • Opcode ID: 732fc891b4dda6537859b4feed070b3004025312b13262e2e1943d380c3879a0
                • Instruction ID: 82af42d0e20c5866c571efbae2848a83f277c0f80143819527da644761a427b7
                • Opcode Fuzzy Hash: 732fc891b4dda6537859b4feed070b3004025312b13262e2e1943d380c3879a0
                • Instruction Fuzzy Hash: 81424B72A02669DFEF21DF59CC80BEAB7B9AF45210F0041DAE509E7252DB309E81CF51
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • LdrResFallbackLangList Enter, xrefs: 016699F2
                • LdrResFallbackLangList Exit, xrefs: 01669A04
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-1720564570
                • Opcode ID: aaaf997ba051057ac3a2b57e13192a894dac97a467837f8a55664269f1f594cd
                • Instruction ID: 1dff0a3d3d06d4ea9a6903e7180d0f3c3a09fc226eb42ccac3784e1539364c94
                • Opcode Fuzzy Hash: aaaf997ba051057ac3a2b57e13192a894dac97a467837f8a55664269f1f594cd
                • Instruction Fuzzy Hash: 7DB1AD72208386CFDB14CF58C880AAAB7E9FB84748F04496DFD859B391E734D945CB96
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                • Instruction ID: b25a2247e434d0c542b41ed6fb758542c29336ead75833f4361223979d0c79e9
                • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                • Instruction Fuzzy Hash: 58917F316043429FE726CE2DC945B1BFBE6AF84714F14892DFA95CB288EB74E904CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                • Opcode ID: 5f7d833754436f92bc76304bebbd2365022812cdc5cc5a4e93d744d13039d42e
                • Instruction ID: 25d15b7d282350ea1de464291efaa6f09dae6136f419f5f3c681d982b5ac3a42
                • Opcode Fuzzy Hash: 5f7d833754436f92bc76304bebbd2365022812cdc5cc5a4e93d744d13039d42e
                • Instruction Fuzzy Hash: 0D517C71E006099FDB24DFA8CD40AAEBBF9FB48700F15402DE60AEB651EB71D901CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • RtlpResUltimateFallbackInfo Enter, xrefs: 016661CE
                • RtlpResUltimateFallbackInfo Exit, xrefs: 016661DD
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                • Opcode ID: a695c6899c94b99b05f34686f51f137a43008d192bda737a812f41f3b571692d
                • Instruction ID: 87c72e3843de6e84d003abd25d1515144c1b541744427292da5af5b08298871f
                • Opcode Fuzzy Hash: a695c6899c94b99b05f34686f51f137a43008d192bda737a812f41f3b571692d
                • Instruction Fuzzy Hash: CC41D271600205DBEB11CF6DDC84BAA7BBDFF81344F148069EA00DB391E7359981CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                • Opcode ID: 94221b5bc4027379504ea2a25cc2a6575ecaa976a5d9954481bccef63df33e1d
                • Instruction ID: c505c00df1f6e26fd2839a49df9d9f83a19272f6bbc865687150b193471bd3ad
                • Opcode Fuzzy Hash: 94221b5bc4027379504ea2a25cc2a6575ecaa976a5d9954481bccef63df33e1d
                • Instruction Fuzzy Hash: 5C727E75E00A19CFDB21CFA9CC807ADBBB9BF48314F14816AD999AB341D7349986CF50
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                • Opcode ID: 98ad329d42bf18248f332fce2b21453df394c49882215b0543005a38cc75b031
                • Instruction ID: ee4929c5c4e07786128877cf1f53b112e2e5edf6bf2235f44f5006975705344a
                • Opcode Fuzzy Hash: 98ad329d42bf18248f332fce2b21453df394c49882215b0543005a38cc75b031
                • Instruction Fuzzy Hash: 5C32D0752046518BEB25CF2DC890372BFE1BF45300F09849EEB968B796D736E456CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0167B9A5
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID:
                • API String ID: 885266447-0
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: PATH
                • API String ID: 0-1036084923
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 016CBE0F
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                • API String ID: 0-865735534
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: RTL: Re-Waiting
                • API String ID: 0-316354757
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: `
                • API String ID: 0-2679148245
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 016840E8
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                • API String ID: 0-996340685
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: BinaryName
                • API String ID: 0-215506332
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: WindowsExcludedProcs
                • API String ID: 0-3583428290
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                • Critical error detected %lx, xrefs: 01708E21
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: Critical error detected %lx
                • API String ID: 0-802127002
                Uniqueness

                Uniqueness Score: -1.00%

                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6168cbbd484114ce14fb3c663a04ac01f291449b6f1cf065fcaad47241012b54
                • Instruction ID: 263e7e038778526b521c7c428c8b1fe2de2029af3c02a943afeee384a789eea5
                • Opcode Fuzzy Hash: 6168cbbd484114ce14fb3c663a04ac01f291449b6f1cf065fcaad47241012b54
                • Instruction Fuzzy Hash: 9D41E371A40319AFEB32EF18CC84F6AB7AAEB54710F00419EE9469B381DB70DD40CB95
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b5a150e151ecf304629cab6eb2f8196aa25c6424817e4bf031ae73b91c266cf8
                • Instruction ID: f4376dc45f27776bcae2c04ff3efaf0cecc7b5bf4abd2f5ff4003fd5631baef3
                • Opcode Fuzzy Hash: b5a150e151ecf304629cab6eb2f8196aa25c6424817e4bf031ae73b91c266cf8
                • Instruction Fuzzy Hash: 3541CE71A00216AFEB22EFACCC40FBDB6B6BF58714F20019DE861A7351DB3488008B65
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                • Instruction ID: f18a4d123e4d88949d78930c253dbfbcb18dc9fae638a0896723679e53e82056
                • Opcode Fuzzy Hash: be3b4a51cfa3edcff81842d127ee4f292402115a8f3185dbd1a32f25bb9fad36
                • Instruction Fuzzy Hash: F841E436602105EBDB15DF68CC54BAF7BBAEF54710F198268EA029B390D730DD02C7A0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
                • Instruction ID: 549a49894db7c17bfc437fc636ab079c0dae9ab0c74ec4191862c9b6aa93d990
                • Opcode Fuzzy Hash: e1a7370b56a08231ee134f13a4b803da5b209042f7814c29e042afade973f4ff
                • Instruction Fuzzy Hash: 2C412A71A00605EFDB65CF99C980BAABBF9FF19300F2049ADE956D7650E730EA44CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3201fe48ecb383b0230dd1656aa207cc0160200f32e21876bc73be0d5951d45
                • Instruction ID: f51bb21d07189ef6ce29443cc2bdcc5f361e03e89d2a1dc8ae5b22eb67206c2e
                • Opcode Fuzzy Hash: a3201fe48ecb383b0230dd1656aa207cc0160200f32e21876bc73be0d5951d45
                • Instruction Fuzzy Hash: 6541AA35945205DFCF61DFA8CC907AABBB9BF15325F04412AE811AB392D334C982CFA4
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                • Instruction ID: 9756a264a1f0d2649aa7071ef62fca8a2b47f4a484f22326869497f123f2162f
                • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                • Instruction Fuzzy Hash: BE310432F021C96BEB258B6DCD45FBFFBBBEF80210F054469E905A7259DA749D00C650
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7ebf366915b1f5aca78552448bae6a312c503811f0db01374750cdddef847fe7
                • Instruction ID: 9c8ddd93d3671edb74cdd63d8ecf84c10da5e5ab6d033888b507b2d864c958de
                • Opcode Fuzzy Hash: 7ebf366915b1f5aca78552448bae6a312c503811f0db01374750cdddef847fe7
                • Instruction Fuzzy Hash: 64415FB5A403299BDB24DF69CC88AA9B7BDEB54300F1045EADD1997342E7709E81CF50
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b083a1f938fef0e6e9772d07fde9a49c2b092bc3e43fd94340627111a04802d
                • Instruction ID: 1ce287b9bbebb8c94b10c40e94647d2039ba2fac9f532570e73200299cb279f3
                • Opcode Fuzzy Hash: 2b083a1f938fef0e6e9772d07fde9a49c2b092bc3e43fd94340627111a04802d
                • Instruction Fuzzy Hash: 41418BB0501705CFCB61EFA8CD40A79B7B6FF94318F5482ADD41A9B7A1DB30AA41CB42
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                • Instruction ID: 7ce9d6d7f2d3bfcf716354a885600931d0185b5fb084d3b75cf021ead99d4202
                • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                • Instruction Fuzzy Hash: F7313732300A416FD7229B7CC848F6AFBEAEBC9650F184158E9468B74ADA74DC49C760
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bb13478df097a66b7c2aacc53fa97061c123bd4c427a5e97ac65f3fdf65f6be0
                • Instruction ID: eed6499748f2620bbf31d1d9738777c1d2b2dabf23d29513ff67e248b120dfeb
                • Opcode Fuzzy Hash: bb13478df097a66b7c2aacc53fa97061c123bd4c427a5e97ac65f3fdf65f6be0
                • Instruction Fuzzy Hash: 5B31EB3420420A8BDFB5DE2DCC5467A379AFFA1218FA4845EEF1187352D732D481C756
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                • Instruction ID: ae9a5b6d5610fb61f3ce83f189d84f1894ad20224ff4b1bff42a8fade8889c6e
                • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                • Instruction Fuzzy Hash: 0631A3726047069BC72ADF2CCC84A6BF7AAFBC4210F04492DF95687689DE30E905C7A5
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4dd1041abef3c28e712ce291c31167c7e3cac545d044ead03d7e3adc30a56553
                • Instruction ID: 10452693d2196508ff6728f210efeae034b43c02d9140987655ae5417ba250bc
                • Opcode Fuzzy Hash: 4dd1041abef3c28e712ce291c31167c7e3cac545d044ead03d7e3adc30a56553
                • Instruction Fuzzy Hash: 1C417BB1D00209AFDB24CFA9D940BAEBBF9EF48714F08812EE955A3240DB70A905CB55
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 648097fe6de5598045241ad17f84fcae07bc33ffde1938d395d1f6550be76e8e
                • Instruction ID: 6f2acd47881d52c96dd2faedbc81f8a4cb1c9ef731b9499e04a5cd3b57d43c63
                • Opcode Fuzzy Hash: 648097fe6de5598045241ad17f84fcae07bc33ffde1938d395d1f6550be76e8e
                • Instruction Fuzzy Hash: D2311832241601EBC7269B18CC84B7B7B76FF10760F11861DF9564B6D0E760F841C794
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37fe8488daaecdfceadc426637d45162c76e8d9e6b0dfd97667bee703ec3ebd3
                • Instruction ID: f404bdfef8f594c1fabee40004ec409e18b3653b73c580f4f90eb474dba6de91
                • Opcode Fuzzy Hash: 37fe8488daaecdfceadc426637d45162c76e8d9e6b0dfd97667bee703ec3ebd3
                • Instruction Fuzzy Hash: E4317C32A05615DBDB258F3ECC51A7ABBB9FF45B10B05806EE94ACB360E730D841D7A1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                • Instruction ID: 73a647d28f5a4529996b2ccf72f1936823caed10cb73226f63cce42826746b8b
                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                • Instruction Fuzzy Hash: 78313772601547BED705EBB8DC90BE9FB99BF62200F0481AEC42C47301DB346A4ACBE5
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 721b1afb94e800cb4f96b41a2759e69c76b7aa3e2f4dfdc35de88244a16c2eae
                • Instruction ID: a58abf7e449ac7b39b196b4dc8d5e3f8b0103feb23fe9558525e3f2de27b756b
                • Opcode Fuzzy Hash: 721b1afb94e800cb4f96b41a2759e69c76b7aa3e2f4dfdc35de88244a16c2eae
                • Instruction Fuzzy Hash: B331A276A047519BC320DF68CD40A6AB7EAFF98704F044A2DF99587790E730E914CBA6
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e2dba8e62fcd6fd8b49962b10c244c0149c151ea38bda43c954640e518d7952b
                • Instruction ID: 0ebe509a0221599eec476d32dc0e0fc9f05fb8f12683154fd207578d474721fd
                • Opcode Fuzzy Hash: e2dba8e62fcd6fd8b49962b10c244c0149c151ea38bda43c954640e518d7952b
                • Instruction Fuzzy Hash: 2331AD71641202EFCB62AF2ACC40B6AFBEDEF50754F10846EE9459B611DBB0D840CB94
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 44c43b96353e98481e495f50fd854c5d5a9dad481c81acc3e73fff49c634c13f
                • Instruction ID: 284cdcd3a515576153a898b5b60e306791a01d7b7c3cc069f8cef5a21a5ca5a4
                • Opcode Fuzzy Hash: 44c43b96353e98481e495f50fd854c5d5a9dad481c81acc3e73fff49c634c13f
                • Instruction Fuzzy Hash: A541D174B047468FDB21EFB88C107AEBAE2AF51704F14062EC086A7741DB755905CBAE
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 81595460414d02d9a773d4778f81eea40999aaed45a89169ea70e583eb9a5e38
                • Instruction ID: f922d9257dabb947036b8642a19e08a79cbbc665a17fd0ba411f8d7024fdc4ee
                • Opcode Fuzzy Hash: 81595460414d02d9a773d4778f81eea40999aaed45a89169ea70e583eb9a5e38
                • Instruction Fuzzy Hash: 183149B1609302DFC712DF58D99091AFBE1FF89614F048AAEE4989B291D730DE44CB96
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aa5869eb86dfbd9138dea9cd7bad78ee54dd3321f7f5d79a5f031ed838695c85
                • Instruction ID: 8b25387b7e0144e72df18e7b37587b07630b31e01e480bf95de3c1ace5feb36b
                • Opcode Fuzzy Hash: aa5869eb86dfbd9138dea9cd7bad78ee54dd3321f7f5d79a5f031ed838695c85
                • Instruction Fuzzy Hash: B231A172E0121AAFDB61DEA9CC40AAEBBF9FB04790F014569E915E7350E7709E018BD0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7ed691c4a8e3acf8c6ce9d04a63b9fdae1ada505f6d865a5bb2c67b86ed14b48
                • Instruction ID: 43718393fa09f64b2048846633b1ac419f01dd98b898171c6dd626a0be3cdffa
                • Opcode Fuzzy Hash: 7ed691c4a8e3acf8c6ce9d04a63b9fdae1ada505f6d865a5bb2c67b86ed14b48
                • Instruction Fuzzy Hash: 3B310071A05256EBCB229B9CDC50AAAFBBAAB85710F1040ADE515EB244DAB0DD008B90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 58499251256a74d4bce6ce52917c666aafc74d6a163d1e0a4efa52a6ba12a7e2
                • Instruction ID: c9bd8b5c59ffb0684c1aaca99eeb6d4179867ca585cdf3f74feff513e0e962c6
                • Opcode Fuzzy Hash: 58499251256a74d4bce6ce52917c666aafc74d6a163d1e0a4efa52a6ba12a7e2
                • Instruction Fuzzy Hash: 24318C716053118FE360DF1ECC00B26BBE5FB88B00F054A6DE9999B352E7B0E904CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 523c3e3bfeadd761836f1f635f48645f210adec11876718bf9318932a2c68f7b
                • Instruction ID: 490968103abc2c68294f5b5405ef77470af3fa9db1e5743b7523a8a9cf55a3f4
                • Opcode Fuzzy Hash: 523c3e3bfeadd761836f1f635f48645f210adec11876718bf9318932a2c68f7b
                • Instruction Fuzzy Hash: 2531B471A00119ABCF15AFA8CD81ABFB7B9EF44700F01416EF902E7250EB749951CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1b5adce9b735d60737fb4c0ac47e0f1effadadb77eb890a43eb853f98ba1ea90
                • Instruction ID: 19c0cb59805c94ccde952a3505b0bf96e8001cdb955826cb9da53f2bf4a09167
                • Opcode Fuzzy Hash: 1b5adce9b735d60737fb4c0ac47e0f1effadadb77eb890a43eb853f98ba1ea90
                • Instruction Fuzzy Hash: 3C31E432205251DBCB21DF98CE54B2AFBAAFF81B10F01455DE86647345CBB4D802CB8A
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
                • Instruction ID: 96678e18d36eb47994d4144e785be504c77ced6b63c9c44a7d856dafc8823fd4
                • Opcode Fuzzy Hash: e9a6e3358202fe57e4d6c011c4744451192f56deb94866768f281c596d07d196
                • Instruction Fuzzy Hash: CA31F2B2600504AFD711DF59CC80B6ABBBAEF89650F19409DE948CB341DA35ED42CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: adde621d11e82814be8dc042bb7ec8d4557ae340eebe780d4c06c3a6b46b4237
                • Instruction ID: 01056eefd1f5e2823f7e4396cb5745f6dc2949c4c6b66267bb16d6e8f2bfcece
                • Opcode Fuzzy Hash: adde621d11e82814be8dc042bb7ec8d4557ae340eebe780d4c06c3a6b46b4237
                • Instruction Fuzzy Hash: BC31D475A00265DFDBB5DFACC888BACBBF1BB58358F18815DC80467342C335A980CB56
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                • Instruction ID: 10212bb7f957e8c9bec90f8334c0272a8bfde96f1c7e3f6b65c9e670ba287614
                • Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                • Instruction Fuzzy Hash: C6319A31600644EFD721DF68C884F6AB7F9EF44350F1006A9E9158B690E730EE01CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                • Instruction ID: 6acd779f82162b4dd303e44a1419ee78d551c75c44a90828c91a353c5f5e9661
                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                • Instruction Fuzzy Hash: B8218172600119EFD721DF59CC88EABBBBDFF86640F114159FA0597250DB34AE02CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b107ee753878d0d75c59323be782299f3e0cc96936ad708c1d3b1decc930d9fb
                • Instruction ID: bd61296b5e27444d84c3adfc2e3c8d3049d7c32aef417cbb21bd7e6e6ff57c97
                • Opcode Fuzzy Hash: b107ee753878d0d75c59323be782299f3e0cc96936ad708c1d3b1decc930d9fb
                • Instruction Fuzzy Hash: D121D63A241680CFE325CB2DC998B7677E8FB51704F184496E98287751D738DC82C720
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a7cf54d5287e0e4930e37460f9062a2be27ee3f87b76032d5e8222e5e786f0a
                • Instruction ID: f5f0232ed37b1854b1f8b2671ec46f1d2b3f1b4af06c1642d58aa90a55081bd0
                • Opcode Fuzzy Hash: 4a7cf54d5287e0e4930e37460f9062a2be27ee3f87b76032d5e8222e5e786f0a
                • Instruction Fuzzy Hash: B6316F31601B04CFD726CF28CC44BA6B7E5FF89724F14456DE59687B90DB75A901CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7563571f1c3c4b5cd7559a620c53333d97921bc0e303d3cfebe12e264a2d0ab
                • Instruction ID: 80ba08cb737c045c9d62dbfb25456c4db0797b946039f99e31e6d109b8679039
                • Opcode Fuzzy Hash: e7563571f1c3c4b5cd7559a620c53333d97921bc0e303d3cfebe12e264a2d0ab
                • Instruction Fuzzy Hash: 2D31B475E1021D9BCB11DFA8C844AEDBBF5BF88650F14816AEA01B7251D7749841CF64
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29017dd99fecc10f93a49b7e71a00ee56b3ea81e8fdafc00c50f66aea20ddd77
                • Instruction ID: e8b7d5e5813f260cf1b219acd1ddcfcd3a453cc693db529f8ee1dcda8c2e0ca3
                • Opcode Fuzzy Hash: 29017dd99fecc10f93a49b7e71a00ee56b3ea81e8fdafc00c50f66aea20ddd77
                • Instruction Fuzzy Hash: 9621DE3AA04625ABEB229F49CC84F9EFBB8FF47710F014069E9049B210D730AD12CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: db2527326902e2908b8875fb124678b1f587310d661ecbfd52fccbad43b449b9
                • Instruction ID: a10f86136aeee8eccb5bcc5a095d90c5ed374054ec1002290a1f3cc0812784a6
                • Opcode Fuzzy Hash: db2527326902e2908b8875fb124678b1f587310d661ecbfd52fccbad43b449b9
                • Instruction Fuzzy Hash: 2021D8311006059BCBF2AA68DC40B3777A6EB50324F10475DEC56467EBFB3098C2CB9A
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                • Instruction ID: fe94f510c7392fffbdcbd21ae36bc59dcf5c2bb2cbe25167e126a2cfe627af2e
                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                • Instruction Fuzzy Hash: 31218BB1A00205EFDB21DF69CC44AAAFBF8EB54314F14886EE949A7210D770ED00CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5759a9d49a7fd7fb6755ae96bb9d782b44a802e58f7f13d07a1caf7566ac32f2
                • Instruction ID: 15fc389bf947e669f4f738999f18ad8b11822d8a3e9727fae023015d67efff2d
                • Opcode Fuzzy Hash: 5759a9d49a7fd7fb6755ae96bb9d782b44a802e58f7f13d07a1caf7566ac32f2
                • Instruction Fuzzy Hash: 39219272600109EFC710EF98CD81B6ABBBDFB44718F154169E904AB251D771ED01CB94
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                • Instruction ID: 83f9eea9605f728cf605eb36190e3aadf40ca8ef24e2fa7375e81c93e1d25cc2
                • Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                • Instruction Fuzzy Hash: AC31CC71900625DFD768CF68C8806B9F7F4FF88210F1486AACC6A97760FB70A981CB40
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d180e5d06c564329ebabadf9c6b0423aa03b79bf9732a88cc02ec11fb1043819
                • Instruction ID: cd7bf80b302b0f13c920b8c2a61ad0a0879a5f0e51f3490dc7a26cf707a2ddf7
                • Opcode Fuzzy Hash: d180e5d06c564329ebabadf9c6b0423aa03b79bf9732a88cc02ec11fb1043819
                • Instruction Fuzzy Hash: 172129326057819BF722976C8C58F203B99EB81774F19076DFA209B7E2EB689885C314
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d23b8e5bea226fa0ed03a2f39176f8270401169319adbb3a74e2b3e530650ae4
                • Instruction ID: 490ff2f3c8aab9fc016e00d0e4172e0f6f3caa153dcf88727fad83005f17a28f
                • Opcode Fuzzy Hash: d23b8e5bea226fa0ed03a2f39176f8270401169319adbb3a74e2b3e530650ae4
                • Instruction Fuzzy Hash: 19F0A76E41518D8BDF339FBC65152D1FBD5D755120B294586D5501720FC634C893CB21
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                • Instruction ID: f54883fdb9cb226dae27c42bc5692f3e483dfcd00b35c223ef9ea0f425504c57
                • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                • Instruction Fuzzy Hash: 26E02B323405016BEF119E09CC84F03375EDF92724F0040BCB9005E242CAE5DC0887A4
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b8e453bbe850d9dbaea32f563f6fbfe062ae9636ed6428a31bd4e34a5b342e58
                • Instruction ID: 7ae135e032eb9e64c02b81e310ed899ee80c5bd26ca17357edfad936d122b385
                • Opcode Fuzzy Hash: b8e453bbe850d9dbaea32f563f6fbfe062ae9636ed6428a31bd4e34a5b342e58
                • Instruction Fuzzy Hash: 4CF0B470A046189FDB14EFB8E845A6EB7B9EF18700F10809DE905EB280EA34D900C758
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d79b8a39840980c33212ea7fe7cd65e33891a5d93eff1931747888431eeed64
                • Instruction ID: a1331e302b47e850318e792f3568c81af297c7639c993e53297fa39eca8c1d57
                • Opcode Fuzzy Hash: 0d79b8a39840980c33212ea7fe7cd65e33891a5d93eff1931747888431eeed64
                • Instruction Fuzzy Hash: 8FF09071A142599BDB14EFA8E905E7EB7B9EB14300F004499A905DB380EB349900C784
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d47caf69219b2128bbf4f41a9dfb0f7342e45169cba792f11056553539b5273
                • Instruction ID: 2a592465241c78287756d6dfe287b37c50a0460db5227caf86e8e4d73418938c
                • Opcode Fuzzy Hash: 4d47caf69219b2128bbf4f41a9dfb0f7342e45169cba792f11056553539b5273
                • Instruction Fuzzy Hash: 32F082B1A04259ABDF10EBA8E906E7EB7B9EF14700F04049DFA05DB380EA34D900C799
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7f321df95f45a2b6053beae45c5b8aa204f4089b9a98510e53adf2aff24e07e
                • Instruction ID: bb14ecc35d642c308ba169e4c4b1ad1eee230413c50e6808a5629df21c08f835
                • Opcode Fuzzy Hash: e7f321df95f45a2b6053beae45c5b8aa204f4089b9a98510e53adf2aff24e07e
                • Instruction Fuzzy Hash: 39F08271A04269AFDB14EFA8E905E7EB7B9EF14700F44409DF905DB281EA34E900C799
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c77b6dfad827843addce5c2fb64e352527dbf8fe32a63151554b7e554542defb
                • Instruction ID: a989ad6961eb20fe02e60d2aac9ac4d485c332f431e06662ef908cb9098023ed
                • Opcode Fuzzy Hash: c77b6dfad827843addce5c2fb64e352527dbf8fe32a63151554b7e554542defb
                • Instruction Fuzzy Hash: 36F08971A052489BDF14DBF9D846E6E77B9EF14704F40009DE605EB280E974D900C758
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b0bf160f795ec087c9c4a7b5c7ca25263ae9c6cd6db3fa85bc721ed57911e0ac
                • Instruction ID: 309f622bb36e88b6162d601faee26db9516f5400c60b3e9516528859c0db2f28
                • Opcode Fuzzy Hash: b0bf160f795ec087c9c4a7b5c7ca25263ae9c6cd6db3fa85bc721ed57911e0ac
                • Instruction Fuzzy Hash: 13F0E235902145ABDF12AB6CCC84BBABFB2AF14314F040259D891AB269E725D802CBC9
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a271f0131ea0e1ff10b3e670964862be890b794c9e4486da685cd63359e90d8d
                • Instruction ID: a055100a237cd4a9341b9c9eae54cfb3fc353aa1bb32ad864ebc7df8bc42d668
                • Opcode Fuzzy Hash: a271f0131ea0e1ff10b3e670964862be890b794c9e4486da685cd63359e90d8d
                • Instruction Fuzzy Hash: B2F0A731911699AFD772D71CDD44F16BBD8AF01B70FA540A5E90587B03D768DC80CB92
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                • Instruction ID: dfd7ad2ae1bfbbfdcfda71b59f4786dddbac4bd7889a3ba90576c076d1b8fd1c
                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                • Instruction Fuzzy Hash: 8BE0DF32A42128FBEB61AAD99E05FAABFADDB58A60F0001D9FE04D7150D9609E00C2D0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                • Instruction ID: 714c566ffe5745b21b0f1301a50e420894e773158c0f366a5b98c42d0ec78efb
                • Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                • Instruction Fuzzy Hash: 72E02BB120014693CF72AA48CC00FB6B79AAF52708F088175ED028B241D770DC42C7D0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 64dd4627bf52e47b662fa54f03b25fcd6fd0ac0451528249ab7783b362e6c322
                • Instruction ID: e17cd6f2a6b8b8a1a4296a11cf01a896c98fa81c2ae5f5bdc2cc78f05e968d62
                • Opcode Fuzzy Hash: 64dd4627bf52e47b662fa54f03b25fcd6fd0ac0451528249ab7783b362e6c322
                • Instruction Fuzzy Hash: B8F01C78891709CFCB72EFE999247287AE5F794361F40C12B910087688D7344451CF06
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                • Instruction ID: 5b4b27599eccd5723e048109fc5ae662a434f527685d0e1cdbfef0335ac08d3c
                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                • Instruction Fuzzy Hash: 5CE08C31280305EBDB225E84CC00B69FB5A9B507A1F104035FE085A690C6719D91DAC8
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0adbf1b97259e5d064dda88aff470c42d59b057b177d33cd0d121b04affd7a65
                • Instruction ID: 65461630874a304a53e8824ceea2713af26ba8acfaaab3fff6c917465a77a1b1
                • Opcode Fuzzy Hash: 0adbf1b97259e5d064dda88aff470c42d59b057b177d33cd0d121b04affd7a65
                • Instruction Fuzzy Hash: 15D02B6116400057C72E7340CD14B257213F781B65F34451EF2434B990EB6488D5C10C
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                • Instruction ID: f6150e44b1b3f472beabe3ad151b094d94282df2de64cfa265e95726839220af
                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                • Instruction Fuzzy Hash: 1BE08C319006809BCF12DB48CA50F5EBBFAFB44B00F150008A1095BB20CB35AC00CB00
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c0c16d2f1afa17dba0d206c0069360ca6c78a37c15bc0f17052bee8c994bb9e9
                • Instruction ID: de94da97c40e8a23f96dedc9050a5e6a9ac861f80b3cd84c8c5640a7908758b6
                • Opcode Fuzzy Hash: c0c16d2f1afa17dba0d206c0069360ca6c78a37c15bc0f17052bee8c994bb9e9
                • Instruction Fuzzy Hash: 67D02232202070D3CF285A58BD04F63AA06DF80B58F0A006C7D0983A00C1208C03C6E0
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                • Instruction ID: c5cf277e2c090b001cab28e4f4ec9022299f6a6031652afbdea8d3c1e0f90788
                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                • Instruction Fuzzy Hash: B7D0E935352980CFD627CB5DC994B5577A8BB44B44FC504A0E941CB762E72CD984CA10
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                • Instruction ID: 7760ce8a97168675225fe7f2597a3980df19ebf3b7b97138ca893312f5234928
                • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                • Instruction Fuzzy Hash: C0D0A9314011819AEB02FB14CA187683BB2BB00A08F58266980020EB52C33ACA0AC726
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                • Instruction ID: ce645511c12597656d56ef0c1ba9f6eeffa29aeced2591d99fc0833bb9b73318
                • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                • Instruction Fuzzy Hash: F6C08C70280A01EAEB226F20CD01B003AA2BB10B01F4400A06700DA0F0EF78D801E600
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                • Instruction ID: b0b561c9e926462316046c9696e6b0742112ea48fb6e18b7715f9157d3e41319
                • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                • Instruction Fuzzy Hash: 3FC01232080248BBCB126F81CC00F067B2AEBA4B60F108414BA080B5608632E970EA88
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                • Instruction ID: 35e868ab6fc6593bb8abc080cfe9c4a7cff2e05a56c9a56a4a29fa79c5c570ed
                • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                • Instruction Fuzzy Hash: 42C04C32180648FBC712AE45DD05F157B6AE7A4B60F154025B6040A5618976ED61D59C
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                • Instruction ID: 63cc1989e42e580fde413802271b640420359ccaf57187ef693fbecdb9c40d99
                • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                • Instruction Fuzzy Hash: 25C02B330C0248BBC7126F45CD00F11BF2EE7A0B60F000020F6040B671C932EC61D98C
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                • Instruction ID: f67f586ab9e883a398c044f08ea91c88937634ee3e1b77af4404e17425c0d552
                • Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                • Instruction Fuzzy Hash: 9FC04C367115418FCF15CB29D684F1577E5F744B45F154894E805CB721E724E850DA14
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                • Instruction ID: 5403ed6201f45fa986769cfebd37fd2651e777133eff88365470c2b878bc7c6f
                • Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                • Instruction Fuzzy Hash: FFC04C1E555AC549CE278F2442127D5BFA0D7469D0F191481D4D11F552C11445539626
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                • Instruction ID: f97457452346b826bed2950a4ae47fab710324dcd5568c52e1dbcea280dd54f6
                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                • Instruction Fuzzy Hash: CBB092363019408FCE16DF18C484B1533E4FB48A40B8400D0E400CBA21D329E8408900
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                • Instruction ID: 8fa9f4b4057395ffb83fa15c22b59ce8ba15152502b00430a4e5b34b47568b2b
                • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                • Instruction Fuzzy Hash: 9DB01232C10441CFCF02EF40CB10B197336FB00750F054494900127930C32ABC01CB40
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ec07b7a9a94a9e814e43df0e4fc093820c974d20f2fdf84954e04d7d5f3c0e95
                • Instruction ID: 998ea237e22e60fa4e1f8b0d56820a7bcef14faeb629912cbf7c9ea976940206
                • Opcode Fuzzy Hash: ec07b7a9a94a9e814e43df0e4fc093820c974d20f2fdf84954e04d7d5f3c0e95
                • Instruction Fuzzy Hash: EC9002A120140413D14069994C056070009A7D1342FD1C011A2064595ECE698C517575
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09b6b0f304592c5f11b188468122b6cd5b47284eeaeb3e0e08d179f3b8e18f43
                • Instruction ID: acbb9fd1ef4b2feb5469f94d5dcc3abdc1d4826219fe43a130accb77489a919c
                • Opcode Fuzzy Hash: 09b6b0f304592c5f11b188468122b6cd5b47284eeaeb3e0e08d179f3b8e18f43
                • Instruction Fuzzy Hash: 369002B120100412D140759948057470009A7D1341FD1C011A5064594ECA998DD57AA5
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 25a6e1a23e6c70fb49f3d899d31b99885459fa238460e33c4327d45b62f502f0
                • Instruction ID: 6303e7832bb77cb46c7a912ddfb624fc89dabe0167a04b51d49f2dc428d12d17
                • Opcode Fuzzy Hash: 25a6e1a23e6c70fb49f3d899d31b99885459fa238460e33c4327d45b62f502f0
                • Instruction Fuzzy Hash: 859002A121100052D104659948057070049A7E2241FD1C012A2154594CC9698C616565
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 35ecfe6b66fad9bef808617e04aecc210b9dcf21dddeeebeba5ada6a3fa16f4e
                • Instruction ID: b60fb5e3264ea3aadb3a7a8cc5ff31de4e8e13ce304f3eccc7616d1ee55d8b94
                • Opcode Fuzzy Hash: 35ecfe6b66fad9bef808617e04aecc210b9dcf21dddeeebeba5ada6a3fa16f4e
                • Instruction Fuzzy Hash: 299002A134100452D10065994815B070009E7E2341FD1C015E1064594DCA59CC527566
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1e9cd96b35b7bc0623ebeef010bcd3a5f27f9e72c329d366bc94c1f7b0f55b0
                • Instruction ID: 18f2a4638ab057910d635c9039c804aa08863aa73385688d2481cbd582f3cd99
                • Opcode Fuzzy Hash: d1e9cd96b35b7bc0623ebeef010bcd3a5f27f9e72c329d366bc94c1f7b0f55b0
                • Instruction Fuzzy Hash: 269002A1601140534540B5994C054075019B7E23413D1C121A04545A0CCAA88C55A6A5
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0efbe4ebaaeda59e65fdf69af6988b0d5c355155b9374f8f9dbd15b6b82fb15c
                • Instruction ID: 09f8ecf9f7564a52486fc0f2c1e14e29d4e3269660fbf981bd89e3f0abf09e9b
                • Opcode Fuzzy Hash: 0efbe4ebaaeda59e65fdf69af6988b0d5c355155b9374f8f9dbd15b6b82fb15c
                • Instruction Fuzzy Hash: 70900261242041625545B5994805507400AB7E12817D1C012A1414990CC9669C56EA61
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b702969e69c6a921d3e109de4e024d41266f2430a162809ac83476ba616040b
                • Instruction ID: 6a2e12aa34331e9c3e45addee9121468f974cf25f0f1b9e967b10614b46668ed
                • Opcode Fuzzy Hash: 4b702969e69c6a921d3e109de4e024d41266f2430a162809ac83476ba616040b
                • Instruction Fuzzy Hash: 5B90027124100412D14175994805607000DB7D1281FD1C012A0424594ECA958E56BEA1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd14218b4054de5bc3eb9259f5f2b07d5b0a35a84a3899554b8253741a9d8252
                • Instruction ID: 3a4008e8394dc0c32a93661bfb66905dbe6783a0e0ab6f1482a3bb5d7cc6de67
                • Opcode Fuzzy Hash: bd14218b4054de5bc3eb9259f5f2b07d5b0a35a84a3899554b8253741a9d8252
                • Instruction Fuzzy Hash: 8E90026160100512D10175994805617000EA7D1281FD1C022A1024595ECE658D92B571
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 148e802fb6688f70a60dbc37f2d59e765f51deab635f83647b363caaad65823c
                • Instruction ID: 588e077fc437c54478b2fc9e135969b7c2e905340b5e0c278a87697f16edc260
                • Opcode Fuzzy Hash: 148e802fb6688f70a60dbc37f2d59e765f51deab635f83647b363caaad65823c
                • Instruction Fuzzy Hash: 9B90026130100412D10265994815607000DE7D2385FD1C012E1424595DCA658D53B572
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8b996a9f5035e18d52af2c02cd6e2430e54f7f7ee6397ff296444f705c2c679
                • Instruction ID: fc16acdd0523e7428529de4ab8597cfd9c6d4ab58fda4cd89c3b4ae281c7d03a
                • Opcode Fuzzy Hash: e8b996a9f5035e18d52af2c02cd6e2430e54f7f7ee6397ff296444f705c2c679
                • Instruction Fuzzy Hash: AE90026124100812D14075998815707000AE7D1641FD1C011A0024594DCA568D657AF1
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 227e8f3a51ca1e1b5e961f76d54b6097ffebe501a0ddafc1b27d6a6002a07a6d
                C-Code - Quality: 41%
                			E01657CC0(intOrPtr* _a4, intOrPtr _a8) {
                				signed int _v8;
                				signed int _v12;
                				intOrPtr _v16;
                				signed int _v20;
                				intOrPtr _v24;
                				signed int _t60;
                				signed int _t65;
                				void* _t70;
                				void* _t73;
                				signed int _t86;
                				void* _t92;
                				signed int _t94;
                				intOrPtr _t101;
                				signed int _t102;
                				intOrPtr _t103;
                				intOrPtr _t104;
                				signed int _t105;
                				signed int _t115;
                				intOrPtr _t116;
                				signed char _t117;
                				void* _t118;
                				intOrPtr* _t120;
                				signed int _t121;
                				void* _t122;
                
                				_t101 = _a8;
                				_t120 = _a4;
                				_t121 = 0;
                				_t104 = _t101 + 0x2e;
                				_v24 = 8;
                				_v16 = _t104;
                				if( *_t120 == 0) {
                					__eflags =  *(_t120 + 2);
                					if( *(_t120 + 2) != 0) {
                						goto L1;
                					}
                					__eflags =  *(_t120 + 4);
                					if( *(_t120 + 4) != 0) {
                						goto L1;
                					}
                					__eflags =  *(_t120 + 6);
                					if( *(_t120 + 6) != 0) {
                						goto L1;
                					}
                					_t117 =  *(_t120 + 0xc) & 0x0000ffff;
                					_v20 = _t117 >> 8;
                					__eflags = _t117;
                					if(_t117 == 0) {
                						goto L1;
                					}
                					_t86 =  *(_t120 + 8) & 0x0000ffff;
                					__eflags = _t86;
                					if(_t86 != 0) {
                						_v12 = 0xffff;
                						__eflags = _t86 - _v12;
                						if(_t86 != _v12) {
                							goto L1;
                						}
                						__eflags =  *(_t120 + 0xa);
                						if( *(_t120 + 0xa) != 0) {
                							goto L1;
                						}
                						__eflags = _t104 - _t101;
                						_push( *(_t120 + 0xf) & 0x000000ff);
                						_push( *(_t120 + 0xe) & 0x000000ff);
                						_push(_v20 & 0x000000ff);
                						_t92 = E016A6B30(_t101, _t104 - _t101, "::ffff:0:%u.%u.%u.%u", _t117 & 0x000000ff);
                						L29:
                						return _t92 + _t101;
                					}
                					_t94 =  *(_t120 + 0xa) & 0x0000ffff;
                					__eflags = _t94;
                					if(_t94 == 0) {
                						_t118 = 0x16348a4;
                						L27:
                						_push( *(_t120 + 0xf) & 0x000000ff);
                						_push( *(_t120 + 0xe) & 0x000000ff);
                						_push(_v20 & 0x000000ff);
                						_push( *(_t120 + 0xc) & 0xff);
                						_t92 = E016A6B30(_t101, _t104 - _t101, "::%hs%u.%u.%u.%u", _t118);
                						goto L29;
                					}
                					__eflags = _t94 - 0xffff;
                					if(_t94 != 0xffff) {
                						goto L1;
                					}
                					_t118 = 0x164d700;
                					goto L27;
                				}
                				L1:
                				_t105 = _t121;
                				_t60 = _t121;
                				_v8 = _t105;
                				_v20 = _t60;
                				if(( *(_t120 + 8) & 0x0000fffd) == 0) {
                					__eflags =  *(_t120 + 0xa) - 0xfe5e;
                					if( *(_t120 + 0xa) == 0xfe5e) {
                						_v24 = 6;
                					}
                				}
                				_t115 = _t121;
                				_t102 = _t60;
                				do {
                					if( *((intOrPtr*)(_t120 + _t115 * 2)) == _t121) {
                						__eflags = _t115 - _t60 + 1 - _v8 - _t102;
                						_t60 = _v20;
                						if(__eflags <= 0) {
                							_t105 = _v8;
                						} else {
                							_t49 = _t115 + 1; // 0x1
                							_t105 = _t49;
                							_t102 = _t60;
                							_v8 = _t105;
                						}
                					} else {
                						_t13 = _t115 + 1; // 0x1
                						_t60 = _t13;
                						_v20 = _t60;
                					}
                					_t115 = _t115 + 1;
                				} while (_t115 < _v24);
                				_v12 = _t102;
                				_t103 = _a8;
                				if(_t105 - _t102 > 1) {
                					_t65 = _v12;
                				} else {
                					_t105 = _t121;
                					_t65 = _t121;
                					_v8 = _t105;
                					_v12 = _t65;
                				}
                				do {
                					if(_t121 < _t105) {
                						__eflags = _t65 - _t121;
                						if(_t65 > _t121) {
                							goto L9;
                						}
                						_push("::");
                						_push(_v16 - _t103);
                						_push(_t103);
                						_t70 = E016A6B30();
                						_t105 = _v8;
                						_t122 = _t122 + 0xc;
                						_t121 = _t105 - 1;
                						goto L13;
                					}
                					L9:
                					if(_t121 != 0 && _t121 != _t105) {
                						_push(":");
                						_push(_v16 - _t103);
                						_push(_t103);
                						_t73 = E016A6B30();
                						_t122 = _t122 + 0xc;
                						_t103 = _t103 + _t73;
                					}
                					_t70 = E016A6B30(_t103, _v16 - _t103, "%x",  *(_t120 + _t121 * 2) & 0x0000ffff);
                					_t105 = _v8;
                					_t122 = _t122 + 0x10;
                					L13:
                					_t116 = _v24;
                					_t103 = _t103 + _t70;
                					_t65 = _v12;
                					_t121 = _t121 + 1;
                				} while (_t121 < _t116);
                				if(_t116 < 8) {
                					_push( *(_t120 + 0xf) & 0x000000ff);
                					_push( *(_t120 + 0xe) & 0x000000ff);
                					_push( *(_t120 + 0xd) & 0x000000ff);
                					_t103 = _t103 + E016A6B30(_t103, _v16 - _t103, ":%u.%u.%u.%u",  *(_t120 + 0xc) & 0x000000ff);
                				}
                				return _t103;
                			}




























                APIs
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 63%
                			E016540FD(void* __ecx) {
                				signed int _v8;
                				char _v548;
                				unsigned int _v552;
                				unsigned int _v556;
                				unsigned int _v560;
                				char _v564;
                				char _v568;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				unsigned int _t49;
                				signed char _t53;
                				unsigned int _t55;
                				unsigned int _t56;
                				unsigned int _t65;
                				unsigned int _t66;
                				void* _t68;
                				unsigned int _t73;
                				unsigned int _t77;
                				unsigned int _t85;
                				char* _t98;
                				unsigned int _t102;
                				signed int _t103;
                				void* _t105;
                				signed int _t107;
                				void* _t108;
                				void* _t110;
                				void* _t111;
                				void* _t112;
                
                				_t45 =  *0x174d360 ^ _t107;
                				_v8 =  *0x174d360 ^ _t107;
                				_t105 = __ecx;
                				if( *0x17484d4 == 0) {
                					L5:
                					return E0169B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
                				}
                				_t85 = 0;
                				E0166E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
                				if(( *0x7ffe02d5 & 0x00000003) == 0) {
                					_t45 = 0;
                				} else {
                					_t45 =  *(_v564 + 0x5f) & 0x00000001;
                				}
                				if(_t45 == 0) {
                					_v552 = _t85;
                					_t49 = E016542EB(_t105);
                					__eflags = _t49;
                					if(_t49 != 0) {
                						L15:
                						_t103 = 2;
                						_v552 = _t103;
                						L10:
                						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
                						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
                							_t45 = 1;
                						} else {
                							_t53 = E016541EA(_v564);
                							asm("sbb al, al");
                							_t45 =  ~_t53 + 1;
                							__eflags = _t45;
                						}
                						__eflags = _t45;
                						if(_t45 == 0) {
                							_t102 = _t103 | 0x00000040;
                							_v552 = _t102;
                						}
                						__eflags = _t102;
                						if(_t102 != 0) {
                							L33:
                							_push(4);
                							_push( &_v552);
                							_push(0x22);
                							_push(0xffffffff);
                							_t45 = E016996C0();
                						}
                						goto L4;
                					}
                					_v556 = _t85;
                					_t102 =  &_v556;
                					_t55 = E0165429E(_t105 + 0x2c, _t102);
                					__eflags = _t55;
                					if(_t55 >= 0) {
                						__eflags = _v556 - _t85;
                						if(_v556 == _t85) {
                							goto L8;
                						}
                						_t85 = _t105 + 0x24;
                						E016E5720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
                						_v560 = 0x214;
                						E0169FA60( &_v548, 0, 0x214);
                						_t106 =  *0x17484d4;
                						_t110 = _t108 + 0x20;
                						 *0x174b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
                						_t65 =  *((intOrPtr*)( *0x17484d4))();
                						__eflags = _t65;
                						if(_t65 == 0) {
                							goto L8;
                						}
                						_t66 = _v560;
                						__eflags = _t66;
                						if(_t66 == 0) {
                							goto L8;
                						}
                						__eflags = _t66 - 0x214;
                						if(_t66 >= 0x214) {
                							goto L8;
                						}
                						_t68 = (_t66 >> 1) * 2 - 2;
                						__eflags = _t68 - 0x214;
                						if(_t68 >= 0x214) {
                							E0169B75A();
                							goto L33;
                						}
                						_push(_t85);
                						 *((short*)(_t107 + _t68 - 0x220)) = 0;
                						E016E5720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
                						_t111 = _t110 + 0x14;
                						_t73 = E016A1480( &_v548, L"Execute=1");
                						_push(_t85);
                						__eflags = _t73;
                						if(_t73 == 0) {
                							E016E5720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
                							_t106 =  &_v548;
                							_t98 =  &_v548;
                							_t112 = _t111 + 0x14;
                							_t77 = _v560 + _t98;
                							_v556 = _t77;
                							__eflags = _t98 - _t77;
                							if(_t98 >= _t77) {
                								goto L8;
                							} else {
                								goto L27;
                							}
                							do {
                								L27:
                								_t85 = E016A1150(_t106, 0x20);
                								__eflags = _t85;
                								if(__eflags != 0) {
                									__eflags = 0;
                									 *_t85 = 0;
                								}
                								E016E5720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
                								_t112 = _t112 + 0x10;
                								E016D3E13(_t105, _t106, __eflags);
                								__eflags = _t85;
                								if(_t85 == 0) {
                									goto L8;
                								}
                								_t41 = _t85 + 2; // 0x2
                								_t106 = _t41;
                								__eflags = _t106 - _v556;
                							} while (_t106 < _v556);
                							goto L8;
                						}
                						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                						_push(3);
                						_push(0x55);
                						E016E5720();
                						goto L15;
                					}
                					L8:
                					_t56 = E016541F7(_t105);
                					__eflags = _t56;
                					if(_t56 != 0) {
                						goto L15;
                					}
                					_t103 = _v552;
                					goto L10;
                				} else {
                					L4:
                					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
                					goto L5;
                				}
                			}

                Strings
                • ExecuteOptions, xrefs: 016B050A
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 016B058F
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 016B04BF
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 016B05AC
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 016B05F1
                • Execute=1, xrefs: 016B057D
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016B0566
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 5caffdce0396eca8df9e787d2f9bba38bf5090a996ff747ce59a376085a7b7f7
                • Instruction ID: 283365552aaca24fcd92225a79d005db373e6a8b46b536896825326f1a19b533
                • Opcode Fuzzy Hash: 5caffdce0396eca8df9e787d2f9bba38bf5090a996ff747ce59a376085a7b7f7
                • Instruction Fuzzy Hash: 9F613A35700219BBEF309A94DC85FFA77B9AF64305F0401DDE905A7281FF709A818B64
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016B2953
                Strings
                • RTL: Re-Waiting, xrefs: 016B2988
                • RTL: Resource at %p, xrefs: 016B296B
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 016B295B
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: b01e44b843fa2bd45915d5ca62cc3223c08d8526065990b032d53d24faaa10d6
                • Instruction ID: a8084055ea515d4233dc4a030f9de90c9ac862c5689baff609a4b6f433a81fdc
                • Opcode Fuzzy Hash: b01e44b843fa2bd45915d5ca62cc3223c08d8526065990b032d53d24faaa10d6
                • Instruction Fuzzy Hash: C1315935A00632BBCB219A16CCC0FAB7BA9EF11B60F50025CED496B241DB21BC52C7E5
                Uniqueness

                Uniqueness Score: -1.00%

                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: f20af0445862797007719469ca7b1709e4d18a367974b3e6b363c7d4238a20cb
                • Instruction ID: 51ab17f747c3c46a1cda8522719c2d7e60c7aecf1c38d99c7853b0c728a39616
                • Opcode Fuzzy Hash: f20af0445862797007719469ca7b1709e4d18a367974b3e6b363c7d4238a20cb
                • Instruction Fuzzy Hash: 2F811A72D002699BDB31DF94CC44BEEBAB8AB09714F1441EAEA0DB7240D7705E85CFA4
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016EFDFA
                Strings
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016EFE01
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016EFE2B
                Memory Dump Source
                • Source File: 00000002.00000002.652122895.0000000001630000.00000040.00000001.sdmp, Offset: 01630000, based on PE: true
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                • API String ID: 885266447-3903918235
                • Opcode ID: 0042ab9c2f00cc87b67a71fb65a2049f42fef29dadc6a59e65fb1173d396ceb4
                • Instruction ID: eb047f0c4c49e3d40da72ff283ceb318b18ffd3136f31dc0ae90c9e2802f4406
                • Opcode Fuzzy Hash: 0042ab9c2f00cc87b67a71fb65a2049f42fef29dadc6a59e65fb1173d396ceb4
                • Instruction Fuzzy Hash: 26F0C276240202BBEB201A86DC06E33BB9AEB44B30F240358F628561D1DA62B83086A4
                Uniqueness

                Uniqueness Score: -1.00%