Windows Analysis Report SecuriteInfo.com.Variant.Graftor.981190.24096.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Analysis ID: 451828
MD5: 19cac1ee3a6e5e9f83054616f5d5ce6f
SHA1: 5b7f16098760f887b0bdc5fee9223d022e0597fb
SHA256: 3709110cc04e0eaffe10bec5e8a5c82b858bee4195975e7bcd30c50b246f56c3
Tags: exe

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
GuLoader behavior detected
Multi AV Scanner detection for submitted file
Yara detected Generic Dropper
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains strange resources
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://kinmirai.org/wp-content/bin_lOulvHP91.bip"}

Yara Overview

Initial Sample

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| SecuriteInfo.com.Variant.Graftor.981190.24096.exe | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security | |

Memory Dumps

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 00000001.00000000.647926510.0000000000401000.00000020.00020000.sdmp | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security | |
| 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security | |
| 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| 00000008.00000000.743106384.0000000000401000.00000020.00020000.sdmp | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security | |
| Process Memory Space: SecuriteInfo.com.Variant.Graftor.981190.24096.exe PID: 2212 | JoeSecurity_GenericDropper | Yara detected Generic Dropper | Joe Security | |

Unpacked PEs

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 1.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security | |
| 1.2.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security | |
| 8.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security | |

                    Sigma Overview

                    No Sigma rule has matched

                    Jbx Signature Overview

                    AV Detection:

                    Found malware configuration
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeMalware Configuration Extractor: GuLoader {"Payload URL": "https://kinmirai.org/wp-content/bin_lOulvHP91.bip"}
                    Multi AV Scanner detection for submitted file
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeVirustotal: Detection: 14%
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeReversingLabs: Detection: 19%
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: unknownHTTPS traffic detected: 133.130.104.18:443 -> 192.168.2.4:49756 version: TLS 1.2
                    Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\typo.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp
                    Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe

                    Networking:

                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: https://kinmirai.org/wp-content/bin_lOulvHP91.bip
                    Source: Joe Sandbox ViewASN Name: INTERQGMOInternetIncJP INTERQGMOInternetIncJP
                    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: unknownDNS traffic detected: queries for: kinmirai.org
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: http://ocsp.digicert.com0C
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: http://ocsp.digicert.com0O
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: http://www.digicert.com/CPS0
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeString found in binary or memory: https://www.digicert.com/CPS0
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeProcess Stats: CPU usage > 98%
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02148605 NtWriteVirtualMemory,NtProtectVirtualMemory,1_2_02148605
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02148B51 NtSetInformationThread,1_2_02148B51
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02146D5C NtWriteVirtualMemory,1_2_02146D5C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02140947 NtWriteVirtualMemory,TerminateProcess,LoadLibraryA,1_2_02140947
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_021453F6 NtAllocateVirtualMemory,1_2_021453F6
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02142407 NtWriteVirtualMemory,1_2_02142407
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143437 NtWriteVirtualMemory,1_2_02143437
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_0214444B NtWriteVirtualMemory,1_2_0214444B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_0214207C NtWriteVirtualMemory,1_2_0214207C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02148C81 NtSetInformationThread,1_2_02148C81
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143EB2 NtWriteVirtualMemory,1_2_02143EB2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_021440EF NtWriteVirtualMemory,1_2_021440EF
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_0214293F NtWriteVirtualMemory,LoadLibraryA,1_2_0214293F
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02148B5E NtSetInformationThread,1_2_02148B5E
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02144345 NtWriteVirtualMemory,1_2_02144345
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02145541 NtAllocateVirtualMemory,1_2_02145541
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02142567 NtWriteVirtualMemory,1_2_02142567
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143FA8 NtWriteVirtualMemory,1_2_02143FA8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143FC2 NtWriteVirtualMemory,1_2_02143FC2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_021447FF NtWriteVirtualMemory,1_2_021447FF
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143FE9 NtWriteVirtualMemory,1_2_02143FE9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9660 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_1E3D9660
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D96E0 NtFreeVirtualMemory,LdrInitializeThunk,8_2_1E3D96E0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9860 NtQuerySystemInformation,LdrInitializeThunk,8_2_1E3D9860
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9610 NtEnumerateValueKey,8_2_1E3D9610
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9670 NtQueryInformationProcess,8_2_1E3D9670
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9650 NtQueryValueKey,8_2_1E3D9650
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D96D0 NtCreateKey,8_2_1E3D96D0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9730 NtQueryVirtualMemory,8_2_1E3D9730
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DA710 NtOpenProcessToken,8_2_1E3DA710
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9710 NtQueryInformationToken,8_2_1E3D9710
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DA770 NtOpenThread,8_2_1E3DA770
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9770 NtSetInformationFile,8_2_1E3D9770
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9760 NtOpenProcess,8_2_1E3D9760
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D97A0 NtUnmapViewOfSection,8_2_1E3D97A0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9780 NtMapViewOfSection,8_2_1E3D9780
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9FE0 NtCreateMutant,8_2_1E3D9FE0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DAD30 NtSetContextThread,8_2_1E3DAD30
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9520 NtWaitForSingleObject,8_2_1E3D9520
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9560 NtWriteFile,8_2_1E3D9560
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9540 NtReadFile,8_2_1E3D9540
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D95F0 NtQueryInformationFile,8_2_1E3D95F0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D95D0 NtClose,8_2_1E3D95D0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A20 NtResumeThread,8_2_1E3D9A20
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A10 NtQuerySection,8_2_1E3D9A10
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A00 NtProtectVirtualMemory,8_2_1E3D9A00
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A50 NtCreateFile,8_2_1E3D9A50
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A80 NtOpenDirectoryObject,8_2_1E3D9A80
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9B00 NtSetValueKey,8_2_1E3D9B00
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DA3B0 NtGetContextThread,8_2_1E3DA3B0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9820 NtEnumerateKey,8_2_1E3D9820
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DB040 NtSuspendThread,8_2_1E3DB040
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9840 NtDelayExecution,8_2_1E3D9840
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D98A0 NtWriteVirtualMemory,8_2_1E3D98A0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D98F0 NtReadVirtualMemory,8_2_1E3D98F0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9910 NtAdjustPrivilegesToken,8_2_1E3D9910
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9950 NtQueueApcThread,8_2_1E3D9950
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D99A0 NtCreateSection,8_2_1E3D99A0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D99D0 NtCreateProcessEx,8_2_1E3D99D0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: String function: 1E39B150 appears 35 times
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeStatic PE information: invalid certificate
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.746113951.0000000000435000.00000002.00020000.sdmpBinary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734938567.000000001E61F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734295205.000000001DD90000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000000.743496412.0000000000435000.00000002.00020000.sdmpBinary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734330843.000000001DEE0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeBinary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/0@1/1
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeFile created: C:\Users\user\AppData\Local\Temp\~DF417CDC9232525881.TMP
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Virustotal: Detection: 14%
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe ReversingLabs: Detection: 19%
                    Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\typo.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp
                    Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe

                    Data Obfuscation:

                    Yara detected GuLoader
                    Source: Yara match File source: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, type: MEMORY
                    Yara detected GuLoader
                    Source: Yara match File source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, type: SAMPLE
                    Source: Yara match File source: 1.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 8.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000001.00000000.647926510.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000008.00000000.743106384.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02149656 push esp; iretd 1_2_02149659
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214965A push esp; iretd 1_2_0214965D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214964E push esp; iretd 1_2_02149655
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02149676 push esp; iretd 1_2_02149679
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02149672 push esp; iretd 1_2_02149675
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02149666 push esp; iretd 1_2_02149669
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02149662 push esp; iretd 1_2_02149665
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214966E push esp; iretd 1_2_02149671
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214966A push esp; iretd 1_2_0214966D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214634A push 00000020h; retf 1_2_0214634C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143FA8 push ebp; retf 1_2_02143FC5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3ED0D1 push ecx; ret 8_2_1E3ED0E4
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_00569656 push esp; iretd 8_2_00569659
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_0056965A push esp; iretd 8_2_0056965D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_0056964E push esp; iretd 8_2_00569655
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_00569676 push esp; iretd 8_2_00569679
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_00569672 push esp; iretd 8_2_00569675
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_00569666 push esp; iretd 8_2_00569669
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_00569662 push esp; iretd 8_2_00569665
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_0056966E push esp; iretd 8_2_00569671
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_0056966A push esp; iretd 8_2_0056966D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion:

                    Contains functionality to detect hardware virtualization (CPUID execution measurement)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148605 NtWriteVirtualMemory,NtProtectVirtualMemory,1_2_02148605
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_021404C0 EnumWindows,1_2_021404C0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02146D5C NtWriteVirtualMemory,1_2_02146D5C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02140947 NtWriteVirtualMemory,TerminateProcess,LoadLibraryA,1_2_02140947
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02142407 NtWriteVirtualMemory,1_2_02142407
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143437 NtWriteVirtualMemory,1_2_02143437
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214207C NtWriteVirtualMemory,1_2_0214207C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02147EB4 1_2_02147EB4
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02147CB7 LoadLibraryA,1_2_02147CB7
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143EB2 NtWriteVirtualMemory,1_2_02143EB2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02140ABB TerminateProcess,1_2_02140ABB
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_021440EF NtWriteVirtualMemory,1_2_021440EF
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214093C TerminateProcess,1_2_0214093C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214293F NtWriteVirtualMemory,LoadLibraryA,1_2_0214293F
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02144345 NtWriteVirtualMemory,1_2_02144345
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02142567 NtWriteVirtualMemory,1_2_02142567
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_021409AE TerminateProcess,1_2_021409AE
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143FA8 NtWriteVirtualMemory,1_2_02143FA8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_021421DB 1_2_021421DB
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143FC2 NtWriteVirtualMemory,1_2_02143FC2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143FE9 NtWriteVirtualMemory,1_2_02143FE9
                    Detected RDTSC dummy instruction sequence (likely for instruction hammering)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002140712 second address: 0000000002140712 instructions:
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002146E7B second address: 0000000002146E7B instructions:
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002140D49 second address: 0000000002140DE7 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a xor eax, EB5A589Ch 0x0000000f jmp 00007FB40C97036Eh 0x00000011 test ch, FFFFFFECh 0x00000014 xor eax, BE5B7B4Ah 0x00000019 cmp dx, cx 0x0000001c add eax, 864E8424h 0x00000021 push eax 0x00000022 test dx, ax 0x00000025 mov eax, dword ptr [ebp+00000190h] 0x0000002b fnop 0x0000002d cmp ebx, ebx 0x0000002f push 43F8D37Fh 0x00000034 cmp edx, 081C3CCEh 0x0000003a xor dword ptr [esp], 2E08F881h 0x00000041 cmp edx, edx 0x00000043 xor dword ptr [esp], 8C9FD1FFh 0x0000004a add dword ptr [esp], 1E90062Fh 0x00000051 push dword ptr [ebp+0000009Ch] 0x00000057 push si 0x00000059 mov si, 35EAh 0x0000005d pop si 0x0000005f mov dword ptr [ebp+0000017Eh], edi 0x00000065 mov edi, eax 0x00000067 push edi 0x00000068 mov edi, dword ptr [ebp+0000017Eh] 0x0000006e pushad 0x0000006f lfence 0x00000072 rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002144E1F second address: 0000000002144E1F instructions:
                    Tries to detect Any.run
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe File opened: C:\Program Files\qga\qga.exe
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
                    Tries to detect virtualization through RDTSC time measurements
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002147535 second address: 0000000002147535 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 702F7768h 0x00000013 xor eax, BAD33913h 0x00000018 xor eax, 29F9B82Ah 0x0000001d add eax, 1CFA09B0h 0x00000022 cpuid 0x00000024 bt ecx, 1Fh 0x00000028 jc 00007FB40C9709A3h 0x0000002e cmp dx, bx 0x00000031 cmp ecx, edx 0x00000033 popad 0x00000034 jmp 00007FB40C97036Ah 0x00000036 test al, al 0x00000038 call 00007FB40C970463h 0x0000003d lfence 0x00000040 rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 00000000021406EB second address: 0000000002140712 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 push ebx 0x00000004 mov ebx, dword ptr [ebp+0000027Bh] 0x0000000a mov dword ptr [ebp+00000235h], edi 0x00000010 mov edi, D6C95C11h 0x00000015 cmp cx, FCD6h 0x0000001a xor edi, E9377D93h 0x00000020 xor edi, 468CFA5Dh 0x00000026 pushad 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002140712 second address: 0000000002140712 instructions:
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002146E7B second address: 0000000002146E7B instructions:
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 00000000021453D5 second address: 00000000021453F2 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b test edx, ebx 0x0000000d push dword ptr fs:[000000C0h] 0x00000014 pop dword ptr [ebp+48h] 0x00000017 pushad 0x00000018 mov ecx, 000000C1h 0x0000001d rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002140D2F second address: 0000000002140D49 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b cmp bx, ax 0x0000000e mov dword ptr [ebp+00000190h], eax 0x00000014 mov eax, 2CB05809h 0x00000019 pushad 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002140D49 second address: 0000000002140DE7 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a xor eax, EB5A589Ch 0x0000000f jmp 00007FB40C97036Eh 0x00000011 test ch, FFFFFFECh 0x00000014 xor eax, BE5B7B4Ah 0x00000019 cmp dx, cx 0x0000001c add eax, 864E8424h 0x00000021 push eax 0x00000022 test dx, ax 0x00000025 mov eax, dword ptr [ebp+00000190h] 0x0000002b fnop 0x0000002d cmp ebx, ebx 0x0000002f push 43F8D37Fh 0x00000034 cmp edx, 081C3CCEh 0x0000003a xor dword ptr [esp], 2E08F881h 0x00000041 cmp edx, edx 0x00000043 xor dword ptr [esp], 8C9FD1FFh 0x0000004a add dword ptr [esp], 1E90062Fh 0x00000051 push dword ptr [ebp+0000009Ch] 0x00000057 push si 0x00000059 mov si, 35EAh 0x0000005d pop si 0x0000005f mov dword ptr [ebp+0000017Eh], edi 0x00000065 mov edi, eax 0x00000067 push edi 0x00000068 mov edi, dword ptr [ebp+0000017Eh] 0x0000006e pushad 0x0000006f lfence 0x00000072 rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000002144E1F second address: 0000000002144E1F instructions:
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 00000000021443C4 second address: 000000000214441B instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b add dword ptr [edi+0Ch], AA027753h 0x00000012 test ch, ch 0x00000014 mov dword ptr [edi+10h], C4A9BE9Bh 0x0000001b test edx, ecx 0x0000001d xor dword ptr [edi+10h], 81B5164Fh 0x00000024 xor dword ptr [edi+10h], 1A4BFCCEh 0x0000002b cmp dl, bl 0x0000002d add dword ptr [edi+10h], A0A8ABE6h 0x00000034 mov dword ptr [edi+14h], 2AEEC3BEh 0x0000003b sub dword ptr [edi+14h], 174CCDEEh 0x00000042 test dh, FFFFFFBAh 0x00000045 xor dword ptr [edi+14h], C024DED6h 0x0000004c xor dword ptr [edi+14h], D3852B06h 0x00000053 pushad 0x00000054 lfence 0x00000057 rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000000567535 second address: 0000000000567535 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 702F7768h 0x00000013 xor eax, BAD33913h 0x00000018 xor eax, 29F9B82Ah 0x0000001d add eax, 1CFA09B0h 0x00000022 cpuid 0x00000024 bt ecx, 1Fh 0x00000028 jc 00007FB40C366B33h 0x0000002e cmp dx, bx 0x00000031 cmp ecx, edx 0x00000033 popad 0x00000034 jmp 00007FB40C3664FAh 0x00000036 test al, al 0x00000038 call 00007FB40C3665F3h 0x0000003d lfence 0x00000040 rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 00000000005653D5 second address: 00000000005653F2 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b test edx, ebx 0x0000000d push dword ptr fs:[000000C0h] 0x00000014 pop dword ptr [ebp+48h] 0x00000017 pushad 0x00000018 mov ecx, 000000C1h 0x0000001d rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000000560D2F second address: 0000000000560DE7 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b cmp bx, ax 0x0000000e mov dword ptr [ebp+00000190h], eax 0x00000014 mov eax, 2CB05809h 0x00000019 pushad 0x0000001a nop 0x0000001b nop 0x0000001c mov eax, 00000001h 0x00000021 cpuid 0x00000023 popad 0x00000024 xor eax, EB5A589Ch 0x00000029 jmp 00007FB40C3664FEh 0x0000002b test ch, FFFFFFECh 0x0000002e xor eax, BE5B7B4Ah 0x00000033 cmp dx, cx 0x00000036 add eax, 864E8424h 0x0000003b push eax 0x0000003c test dx, ax 0x0000003f mov eax, dword ptr [ebp+00000190h] 0x00000045 fnop 0x00000047 cmp ebx, ebx 0x00000049 push 43F8D37Fh 0x0000004e cmp edx, 081C3CCEh 0x00000054 xor dword ptr [esp], 2E08F881h 0x0000005b cmp edx, edx 0x0000005d xor dword ptr [esp], 8C9FD1FFh 0x00000064 add dword ptr [esp], 1E90062Fh 0x0000006b push dword ptr [ebp+0000009Ch] 0x00000071 push si 0x00000073 mov si, 35EAh 0x00000077 pop si 0x00000079 mov dword ptr [ebp+0000017Eh], edi 0x0000007f mov edi, eax 0x00000081 push edi 0x00000082 mov edi, dword ptr [ebp+0000017Eh] 0x00000088 pushad 0x00000089 lfence 0x0000008c rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 000000000056371B second address: 000000000056375D instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 mov ebx, 987026F4h 0x00000008 test ch, ah 0x0000000a xor ebx, 1D32BE7Dh 0x00000010 cmp ch, dh 0x00000012 xor ebx, D33786A7h 0x00000018 test ecx, edx 0x0000001a add ebx, A98AE1E3h 0x00000020 push ebx 0x00000021 test bx, bx 0x00000024 mov ebx, dword ptr [ebp+000001A0h] 0x0000002a mov dword ptr [ebp+000001C7h], ebx 0x00000030 mov ebx, eax 0x00000032 push ebx 0x00000033 mov ebx, dword ptr [ebp+000001C7h] 0x00000039 test cx, ax 0x0000003c pushad 0x0000003d mov ecx, 0000001Fh 0x00000042 rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148605 rdtsc 1_2_02148605
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exeMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process information queried: ProcessInformation

                    Anti Debugging:

                    Hides threads from debuggers
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148605 rdtsc 1_2_02148605
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02145FFA LdrInitializeThunk,1_2_02145FFA
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AEF40 mov eax, dword ptr fs:[00000030h]8_2_1E3AEF40
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A8794 mov eax, dword ptr fs:[00000030h]8_2_1E3A8794
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D37F5 mov eax, dword ptr fs:[00000030h]8_2_1E3D37F5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E417794 mov eax, dword ptr fs:[00000030h]8_2_1E417794
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E417794 mov eax, dword ptr fs:[00000030h]8_2_1E417794
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E417794 mov eax, dword ptr fs:[00000030h]8_2_1E417794
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3CBC2C mov eax, dword ptr fs:[00000030h]8_2_1E3CBC2C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E42C450 mov eax, dword ptr fs:[00000030h]8_2_1E42C450
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E42C450 mov eax, dword ptr fs:[00000030h]8_2_1E42C450
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E451C06 mov eax, dword ptr fs:[00000030h]8_2_1E451C06
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E46740D mov eax, dword ptr fs:[00000030h]8_2_1E46740D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E46740D mov eax, dword ptr fs:[00000030h]8_2_1E46740D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E46740D mov eax, dword ptr fs:[00000030h]8_2_1E46740D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416C0A mov eax, dword ptr fs:[00000030h]8_2_1E416C0A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416C0A mov eax, dword ptr fs:[00000030h]8_2_1E416C0A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416C0A mov eax, dword ptr fs:[00000030h]8_2_1E416C0A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416C0A mov eax, dword ptr fs:[00000030h]8_2_1E416C0A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3B746D mov eax, dword ptr fs:[00000030h]8_2_1E3B746D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3CA44B mov eax, dword ptr fs:[00000030h]8_2_1E3CA44B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E468CD6 mov eax, dword ptr fs:[00000030h]8_2_1E468CD6
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A849B mov eax, dword ptr fs:[00000030h]8_2_1E3A849B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416CF0 mov eax, dword ptr fs:[00000030h]8_2_1E416CF0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416CF0 mov eax, dword ptr fs:[00000030h]8_2_1E416CF0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416CF0 mov eax, dword ptr fs:[00000030h]8_2_1E416CF0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E4514FB mov eax, dword ptr fs:[00000030h]8_2_1E4514FB
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E413540 mov eax, dword ptr fs:[00000030h]8_2_1E413540
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C4D3B mov eax, dword ptr fs:[00000030h]8_2_1E3C4D3B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C4D3B mov eax, dword ptr fs:[00000030h]8_2_1E3C4D3B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C4D3B mov eax, dword ptr fs:[00000030h]8_2_1E3C4D3B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E39AD30 mov eax, dword ptr fs:[00000030h]8_2_1E39AD30
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h]8_2_1E3A3D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3BC577 mov eax, dword ptr fs:[00000030h]8_2_1E3BC577
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3BC577 mov eax, dword ptr fs:[00000030h]8_2_1E3BC577
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3B7D50 mov eax, dword ptr fs:[00000030h]8_2_1E3B7D50
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E468D34 mov eax, dword ptr fs:[00000030h]8_2_1E468D34
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E41A537 mov eax, dword ptr fs:[00000030h]8_2_1E41A537
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45E539 mov eax, dword ptr fs:[00000030h]8_2_1E45E539
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D3D43 mov eax, dword ptr fs:[00000030h]8_2_1E3D3D43
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h]8_2_1E416DC9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h]8_2_1E416DC9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h]8_2_1E416DC9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416DC9 mov ecx, dword ptr fs:[00000030h]8_2_1E416DC9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h]8_2_1E416DC9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h]8_2_1E416DC9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C1DB5 mov eax, dword ptr fs:[00000030h]8_2_1E3C1DB5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C1DB5 mov eax, dword ptr fs:[00000030h]8_2_1E3C1DB5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C1DB5 mov eax, dword ptr fs:[00000030h]8_2_1E3C1DB5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C35A1 mov eax, dword ptr fs:[00000030h]8_2_1E3C35A1
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3CFD9B mov eax, dword ptr fs:[00000030h]8_2_1E3CFD9B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3CFD9B mov eax, dword ptr fs:[00000030h]8_2_1E3CFD9B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45FDE2 mov eax, dword ptr fs:[00000030h]8_2_1E45FDE2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45FDE2 mov eax, dword ptr fs:[00000030h]8_2_1E45FDE2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45FDE2 mov eax, dword ptr fs:[00000030h]8_2_1E45FDE2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45FDE2 mov eax, dword ptr fs:[00000030h]8_2_1E45FDE2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h]8_2_1E392D8A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h]8_2_1E392D8A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h]8_2_1E392D8A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h]8_2_1E392D8A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h]8_2_1E392D8A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E448DF1 mov eax, dword ptr fs:[00000030h]8_2_1E448DF1
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C2581 mov eax, dword ptr fs:[00000030h]8_2_1E3C2581
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C2581 mov eax, dword ptr fs:[00000030h]8_2_1E3C2581
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C2581 mov eax, dword ptr fs:[00000030h]8_2_1E3C2581
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C2581 mov eax, dword ptr fs:[00000030h]8_2_1E3C2581
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AD5E0 mov eax, dword ptr fs:[00000030h]8_2_1E3AD5E0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AD5E0 mov eax, dword ptr fs:[00000030h]8_2_1E3AD5E0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E4605AC mov eax, dword ptr fs:[00000030h]8_2_1E4605AC
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E4605AC mov eax, dword ptr fs:[00000030h]8_2_1E4605AC
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45EA55 mov eax, dword ptr fs:[00000030h]8_2_1E45EA55
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D4A2C mov eax, dword ptr fs:[00000030h]8_2_1E3D4A2C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D4A2C mov eax, dword ptr fs:[00000030h]8_2_1E3D4A2C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E424257 mov eax, dword ptr fs:[00000030h]8_2_1E424257
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E44B260 mov eax, dword ptr fs:[00000030h]8_2_1E44B260
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E44B260 mov eax, dword ptr fs:[00000030h]8_2_1E44B260
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E468A62 mov eax, dword ptr fs:[00000030h]8_2_1E468A62
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3B3A1C mov eax, dword ptr fs:[00000030h]8_2_1E3B3A1C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E395210 mov eax, dword ptr fs:[00000030h]8_2_1E395210
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E395210 mov ecx, dword ptr fs:[00000030h]8_2_1E395210
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E395210 mov eax, dword ptr fs:[00000030h]8_2_1E395210
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E395210 mov eax, dword ptr fs:[00000030h]8_2_1E395210
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E39AA16 mov eax, dword ptr fs:[00000030h]8_2_1E39AA16
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E39AA16 mov eax, dword ptr fs:[00000030h]8_2_1E39AA16
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A8A0A mov eax, dword ptr fs:[00000030h]8_2_1E3A8A0A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D927A mov eax, dword ptr fs:[00000030h]8_2_1E3D927A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45AA16 mov eax, dword ptr fs:[00000030h]8_2_1E45AA16
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45AA16 mov eax, dword ptr fs:[00000030h]8_2_1E45AA16
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E399240 mov eax, dword ptr fs:[00000030h]8_2_1E399240
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E399240 mov eax, dword ptr fs:[00000030h]8_2_1E399240
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E399240 mov eax, dword ptr fs:[00000030h]8_2_1E399240
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E399240 mov eax, dword ptr fs:[00000030h]8_2_1E399240
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AAAB0 mov eax, dword ptr fs:[00000030h]8_2_1E3AAAB0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AAAB0 mov eax, dword ptr fs:[00000030h]8_2_1E3AAAB0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3CFAB0 mov eax, dword ptr fs:[00000030h]8_2_1E3CFAB0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h]8_2_1E3952A5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h]8_2_1E3952A5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h]8_2_1E3952A5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h]8_2_1E3952A5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h]8_2_1E3952A5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3CD294 mov eax, dword ptr fs:[00000030h]8_2_1E3CD294
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3CD294 mov eax, dword ptr fs:[00000030h]8_2_1E3CD294
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C2AE4 mov eax, dword ptr fs:[00000030h]8_2_1E3C2AE4
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C2ACB mov eax, dword ptr fs:[00000030h]8_2_1E3C2ACB
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E468B58 mov eax, dword ptr fs:[00000030h]8_2_1E468B58
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C3B7A mov eax, dword ptr fs:[00000030h]8_2_1E3C3B7A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C3B7A mov eax, dword ptr fs:[00000030h]8_2_1E3C3B7A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E39DB60 mov ecx, dword ptr fs:[00000030h]8_2_1E39DB60
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45131B mov eax, dword ptr fs:[00000030h]8_2_1E45131B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E39F358 mov eax, dword ptr fs:[00000030h]8_2_1E39F358
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E39DB40 mov eax, dword ptr fs:[00000030h]8_2_1E39DB40
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E4153CA mov eax, dword ptr fs:[00000030h]8_2_1E4153CA
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E4153CA mov eax, dword ptr fs:[00000030h]8_2_1E4153CA
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C4BAD mov eax, dword ptr fs:[00000030h]8_2_1E3C4BAD
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C4BAD mov eax, dword ptr fs:[00000030h]8_2_1E3C4BAD
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C4BAD mov eax, dword ptr fs:[00000030h]8_2_1E3C4BAD
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C2397 mov eax, dword ptr fs:[00000030h]8_2_1E3C2397
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3CB390 mov eax, dword ptr fs:[00000030h]8_2_1E3CB390
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A1B8F mov eax, dword ptr fs:[00000030h]8_2_1E3A1B8F
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3A1B8F mov eax, dword ptr fs:[00000030h]8_2_1E3A1B8F
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E44D380 mov ecx, dword ptr fs:[00000030h]8_2_1E44D380
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E45138A mov eax, dword ptr fs:[00000030h]8_2_1E45138A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3BDBE9 mov eax, dword ptr fs:[00000030h]8_2_1E3BDBE9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h]8_2_1E3C03E2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h]8_2_1E3C03E2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h]8_2_1E3C03E2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h]8_2_1E3C03E2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h]8_2_1E3C03E2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h]8_2_1E3C03E2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E465BA5 mov eax, dword ptr fs:[00000030h]8_2_1E465BA5
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AB02A mov eax, dword ptr fs:[00000030h]8_2_1E3AB02A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AB02A mov eax, dword ptr fs:[00000030h]8_2_1E3AB02A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AB02A mov eax, dword ptr fs:[00000030h]8_2_1E3AB02A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AB02A mov eax, dword ptr fs:[00000030h]8_2_1E3AB02A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C002D mov eax, dword ptr fs:[00000030h]8_2_1E3C002D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C002D mov eax, dword ptr fs:[00000030h]8_2_1E3C002D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C002D mov eax, dword ptr fs:[00000030h]8_2_1E3C002D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3C002D mov eax, dword ptr fs:[00000030h]8_2_1E3C002D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1729876173.0000000000E70000.00000002.00000001.sdmp Binary or memory string: Program Manager
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1729876173.0000000000E70000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1729876173.0000000000E70000.00000002.00000001.sdmp Binary or memory string: Progman
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1729876173.0000000000E70000.00000002.00000001.sdmp Binary or memory string: Progmanlock
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02146E24 cpuid

                    Stealing of Sensitive Information:

                    GuLoader behavior detected
                    Source: Initial file, Signature Results: GuLoader behavior
                    Yara detected Generic Dropper
                    Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Variant.Graftor.981190.24096.exe PID: 2212, type: MEMORY

                    Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 12 | Virtualization/Sandbox Evasion 21 | OS Credential Dumping | Security Software Discovery 621 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 12 | LSASS Memory | Virtualization/Sandbox Evasion 21 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information 1 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 12 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 2 | NTDS | System Information Discovery 311 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

| Source | Detection | Scanner | Label |
|---|---|---|---|
| SecuriteInfo.com.Variant.Graftor.981190.24096.exe | 15% | Virustotal | |
| SecuriteInfo.com.Variant.Graftor.981190.24096.exe | 20% | ReversingLabs | Win32.Trojan.Graftor |

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://kinmirai.org/wp-content/bin_lOulvHP91.bip | 0% | Virustotal | |
| https://kinmirai.org/wp-content/bin_lOulvHP91.bip | 0% | Avira URL Cloud | safe |

                    Domains and IPs

                    Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| kinmirai.org | 133.130.104.18 | true | true | | unknown |

                      Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://kinmirai.org/wp-content/bin_lOulvHP91.bip | true | 0%, Virustotal; Avira URL Cloud: safe | unknown |

                      Contacted IPs

                      Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 133.130.104.18 | kinmirai.org | Japan | 7506 | INTERQGMOInternetIncJP | true |

                      General Information

                      Joe Sandbox Version:33.0.0 White Diamond
                      Analysis ID:451828
                      Start date:21.07.2021
                      Start time:12:10:46
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 13m 22s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Sample file name:SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Run name:Suspected Instruction Hammering Hide Perf
                      Number of analysed new started processes analysed:29
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@3/0@1/1
                      EGA Information:Failed
                      HDC Information:
                      • Successful, ratio: 96% (good quality ratio 83.5%)
                      • Quality average: 71.6%
                      • Quality standard deviation: 33.5%
                      HCA Information:Failed
                      Cookbook Comments:
                      • Adjust boot time
                      • Enable AMSI
                      • Found application associated with file extension: .exe
                      Warnings:
                      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, RuntimeBroker.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                      • Excluded IPs from analysis (whitelisted): 104.43.193.48, 52.147.198.201, 23.54.113.53, 104.42.151.234, 20.82.210.154, 20.54.110.249, 205.185.216.42, 205.185.216.10, 40.112.88.60, 23.10.249.43, 23.10.249.26, 20.50.102.62, 20.190.160.135, 20.190.160.5, 20.190.160.70, 20.190.160.131, 20.190.160.9, 20.190.160.74, 20.190.160.68, 20.190.160.7, 40.127.240.158, 51.104.136.2
                      • Excluded domains from analysis (whitelisted): www.tm.lg.prod.aadmsa.akadns.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, cds.d2s7q6s2.hwcdn.net, www.tm.a.prd.aadg.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, login.msa.msidentity.com, skypedataprdcolcus15.cloudapp.net, settingsfd-geo.trafficmanager.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.

                      Simulations

                      Behavior and APIs

                      No simulations

                      Joe Sandbox View / Context

                      IPs

| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| 133.130.104.18 | F63V4i8eZU.exe | malicious | |

                        Domains

| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| kinmirai.org | F63V4i8eZU.exe | malicious | 133.130.104.18 |

                        ASN

| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| INTERQGMOInternetIncJP | PO20210719.docx | malicious | 157.7.107.89 |
| | F63V4i8eZU.exe | malicious | 133.130.104.18 |
| | Y-20211907-00927735_pdf.exe | malicious | 118.27.99.20 |
| | kung.xlsx | malicious | 163.44.185.218 |
| | Tlz3P6ra10.exe | malicious | 163.44.239.73 |
| | LcpQGVWUWU.exe | malicious | 163.44.185.221 |
| | 01_extracted.exe | malicious | 150.95.255.38 |
| | Order_1537-25.exe | malicious | 150.95.255.38 |
| | Enquiry#List For Urgent Order070421.exe | malicious | 118.27.99.88 |
| | New Order062421.exe | malicious | 150.95.255.38 |
| | ZQGMiyaTir.exe | malicious | 163.44.239.73 |
| | Shipping Document DHL.exe | malicious | 150.95.255.38 |
| | xwKdahKPn8.exe | malicious | 210.172.144.245 |
| | kXkTaGocR5.exe | malicious | 163.44.239.73 |
| | heoN5wnP2d.exe | malicious | 163.44.239.73 |
| | New Order_PO 1164_HD-F 4020 6K.exe | malicious | 118.27.99.88 |
| | Potvrda o uplati u eurima.exe | malicious | 163.44.187.215 |
| | June 21st,2021.exe | malicious | 157.7.107.169 |
| | eTWZtFRRMJ.exe | malicious | 163.44.239.73 |
| | New Order_PO 1164_HD-F 4020 6K.exe | malicious | 118.27.99.88 |

                        JA3 Fingerprints

| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | IPVrDRKfYj.exe | malicious | 133.130.104.18 |
| | 11.docx | malicious | 133.130.104.18 |
| | #U2706_#U260e_Play _to _Listen.htm | malicious | 133.130.104.18 |
| | Wcqwghjdefrkaiamzhtbgtpbmolvfnoxik.exe | malicious | 133.130.104.18 |
| | Wcqwghjdefrkaiamzhtbgtpbmolvfnoxik.exe | malicious | 133.130.104.18 |
| | BoFA Remittance Advice-2021207.exe | malicious | 133.130.104.18 |
| | 8rbuJ8Ycv1.exe | malicious | 133.130.104.18 |
| | DRQxZrK.dll | malicious | 133.130.104.18 |
| | DRQxZrK.dll | malicious | 133.130.104.18 |
| | lpaBPnb1OB.exe | malicious | 133.130.104.18 |
| | nZdwtTEYoW.exe | malicious | 133.130.104.18 |
| | unJLhL75HG.exe | malicious | 133.130.104.18 |
| | 9bCnBwR693.exe | malicious | 133.130.104.18 |
| | BVD1xWp0y0.exe | malicious | 133.130.104.18 |
| | nRjbMQ5Jua.exe | malicious | 133.130.104.18 |
| | Hsbc Scan copy 3547856788 Pdf.exe | malicious | 133.130.104.18 |
| | DigitalLicense.exe | malicious | 133.130.104.18 |
| | vir.dll | malicious | 133.130.104.18 |
| | #Ud53c#Uc544#Ub178.exe | malicious | 133.130.104.18 |
| | Wesnvuotnnnxvacefgejmjccyfnnrjmdmc.exe | malicious | 133.130.104.18 |

                        Dropped Files

                        No context

                        Created / dropped Files

                        No created / dropped files found

                        Static File Info

                        General

                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Entropy (8bit):4.635501230509535
                        TrID:
                        • Win32 Executable (generic) a (10002005/4) 99.15%
                        • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                        • Generic Win/DOS Executable (2004/3) 0.02%
                        • DOS Executable Generic (2002/1) 0.02%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                        File size:246888
                        MD5:19cac1ee3a6e5e9f83054616f5d5ce6f
                        SHA1:5b7f16098760f887b0bdc5fee9223d022e0597fb
                        SHA256:3709110cc04e0eaffe10bec5e8a5c82b858bee4195975e7bcd30c50b246f56c3
                        SHA512:75d7cc20b44224ab616b9d4e6edd2c527c4245f5752430a08ed7a68a3d1596bfe5f9a16a447a57e8cbbe965b7377c6259f481c6a1ae8d262238ad25dce14a0ad
                        SSDEEP:3072:MtU2Qf98DH332/jEvQuUZZNzPmhd3QPBP:KU2Qf9iXm/jduUNzPKNC
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y.....................................Rich............PE..L.....QU.................0...p......0........@....@................

                        File Icon

                        Icon Hash:e8ccce8e8ececce8

                        Static PE Info

                        General

                        Entrypoint:0x401330
                        Entrypoint Section:.text
                        Digitally signed:true
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                        DLL Characteristics:
                        Time Stamp:0x5551E11C [Tue May 12 11:16:44 2015 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:4e1e57f6de47f654992269152dd1e659

                        Authenticode Signature

                        Signature Valid:false
                        Signature Issuer:E=Lertj1@impifo.Tw, CN=Konc, OU=HVEPSERED, O=Sulfur2, L=Delings, S=tyskla, C=IS
                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                        Error Number:-2146762487
                        Not Before, Not After
                        • 7/20/2021 11:04:04 PM 7/20/2022 11:04:04 PM
                        Subject Chain
                        • E=Lertj1@impifo.Tw, CN=Konc, OU=HVEPSERED, O=Sulfur2, L=Delings, S=tyskla, C=IS
                        Version:3
                        Thumbprint MD5:E001EFB7FC2CF4F9AF90A05F56C0FF24
                        Thumbprint SHA-1:FCE4066FC44A76DB5BD40EDCD674457947994F61
                        Thumbprint SHA-256:30E21C2F0117B69F54088BA86D9ACD07DCB63504497576DBD473335F67BB6F5D
                        Serial:00

                        Entrypoint Preview

                        Instruction
                        push 0042F010h
                        call 00007FB40C9DE763h
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        xor byte ptr [eax], al
                        add byte ptr [eax], al
                        cmp byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        jnle 00007FB40C9DE722h
                        mov dh, EDh
                        lodsb
                        jl 00007FB40C9DE707h
                        inc ebx
                        mov ecx, BEBDAAA6h
                        insd
                        das
                        out dx, al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add dword ptr [eax], eax
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        dec esp
                        jne 00007FB40C9DE7E0h
                        popad
                        je 00007FB40C9DE7D3h
                        imul eax, dword ptr [eax], 00000000h
                        dec esp
                        xor dword ptr [eax], eax
                        adc al, 59h
                        push esi
                        rcl dword ptr [ebp+eax*4+6Eh], 1
                        add byte ptr [edx+ebx*4-14h], al
                        movsb
                        loope 00007FB40C9DE770h
                        cld
                        outsd
                        clc
                        and eax, 9AF307A8h
                        inc ebp
                        inc ebx
                        inc esp
                        stosb
                        and ecx, ecx
                        push edi
                        cmp byte ptr [ebx+4F3A3B76h], FFFFFFADh
                        xor ebx, dword ptr [ecx-48EE309Ah]
                        or al, 00h
                        stosb
                        add byte ptr [eax-2Dh], ah
                        xchg eax, ebx
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        push es
                        fild dword ptr [edx]
                        add byte ptr [ecx+4Fh], bh
                        add byte ptr [eax], al
                        add byte ptr [eax], cl
                        add byte ptr [edi+ebp*2+74h], ah
                        imul ebp, dword ptr [esi+67h], 0D006373h
                        add dword ptr [eax+eax], eax
                        push edx
                        dec ecx
                        inc edi
                        dec eax
                        add byte ptr [ecx], bl
                        add dword ptr [eax], eax
                        inc edx
                        add byte ptr [edx], ah
                        add byte ptr [ebx], ah
                        dec edi

                        Data Directories

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x33054 | 0x28 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x35000 | 0x54b4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3b050 | 0x1418 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1100 | 0x1c | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xf8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

                        Sections

                        | Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
                        |---|---|---|---|---|---|---|---|---|
                        | .text | 0x1000 | 0x324a0 | 0x33000 | False | 0.249899471507 | data | 4.58227124451 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
                        | .data | 0x34000 | 0xb90 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
                        | .rsrc | 0x35000 | 0x54b4 | 0x6000 | False | 0.293172200521 | data | 4.10742387863 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

                        Resources

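                        | Name | RVA | Size | Type | Language | Country |
                        |---|---|---|---|---|---|
                        | RT_ICON | 0x39e4c | 0x668 | dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 4265541880, next used block 7936 | | |
                        | RT_ICON | 0x39b64 | 0x2e8 | data | | |
                        | RT_ICON | 0x3997c | 0x1e8 | data | | |
                        | RT_ICON | 0x39854 | 0x128 | GLS_BINARY_LSB_FIRST | | |
                        | RT_ICON | 0x389ac | 0xea8 | data | | |
                        | RT_ICON | 0x38104 | 0x8a8 | data | | |
                        | RT_ICON | 0x37a3c | 0x6c8 | data | | |
                        | RT_ICON | 0x374d4 | 0x568 | GLS_BINARY_LSB_FIRST | | |
                        | RT_ICON | 0x3642c | 0x10a8 | data | | |
                        | RT_ICON | 0x35aa4 | 0x988 | data | | |
                        | RT_ICON | 0x3563c | 0x468 | GLS_BINARY_LSB_FIRST | | |
                        | RT_GROUP_ICON | 0x3559c | 0xa0 | data | | |
                        | RT_VERSION | 0x352d0 | 0x2cc | data | English | United States |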

                        Imports

                        | DLL | Import |
                        |---|---|
                        | MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaI4Var, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |

                        Version Infos

                        | Description | Data |
                        |---|---|
                        | Translation | 0x0409 0x04b0 |
                        | LegalCopyright | Clicked |
                        | InternalName | typo |
                        | FileVersion | 7.00 |
                        | CompanyName | Clicked |
                        | LegalTrademarks | Clicked |
                        | Comments | Clicked |
                        | ProductName | Clicked |
                        | ProductVersion | 7.00 |
                        | FileDescription | Clicked |
                        | OriginalFilename | typo.exe |

                        Possible Origin

                        | Language of compilation system | Country where language is spoken |
                        |---|---|
                        | English | United States |

                        Network Behavior

                        Snort IDS Alerts

                        | Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
                        |---|---|---|---|---|---|---|---|
                        | 07/21/21-12:03:04.195208 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:08.069840 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:12.026957 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:16.027956 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:16.041189 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 91.201.58.73 | 192.168.2.6 |
                        | 07/21/21-12:03:16.041669 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:16.053598 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 91.206.52.152 | 192.168.2.6 |
                        | 07/21/21-12:03:16.054007 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:20.122673 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:24.028507 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:28.028441 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:32.028747 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:36.030038 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:40.029681 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 13.107.4.50 |
                        | 07/21/21-12:03:40.042423 | ICMP | 408 | ICMP Echo Reply | | | 13.107.4.50 | 192.168.2.6 |

                        TCP Packets


                        UDP Packets


                        DNS Queries

                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                        Jul 21, 2021 12:13:07.443418026 CEST | 192.168.2.4 | 8.8.8.8 | 0xc036 | Standard query (0) | kinmirai.org | A (IP address) | IN (0x0001)

                        DNS Answers

                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                        Jul 21, 2021 12:13:07.824268103 CEST | 8.8.8.8 | 192.168.2.4 | 0xc036 | No error (0) | kinmirai.org | | 133.130.104.18 | A (IP address) | IN (0x0001)
                        Jul 21, 2021 12:16:19.352860928 CEST | 8.8.8.8 | 192.168.2.4 | 0x2394 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001)

                        HTTPS Packets

                        Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
                        Jul 21, 2021 12:13:08.342761993 CEST | 133.130.104.18 | 443 | 192.168.2.4 | 49756 | CN=www.kinmirai.org; CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE | CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE; CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 | Tue Jun 22 20:42:45 CEST 2021; Tue Jul 28 02:00:00 CEST 2020 | Mon Jul 26 07:45:48 CEST 2021; Sun Mar 18 01:00:00 CET 2029 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19
                        | | | | | CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 | Tue Jul 28 02:00:00 CEST 2020 | Sun Mar 18 01:00:00 CET 2029 | |

                        Code Manipulations

                        Statistics

                        CPU Usage

                        Memory Usage

                        High Level Behavior Distribution

                        Behavior

                        System Behavior

                        General

                        Start time: 12:11:34
                        Start date: 21/07/2021
                        Path: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                        Wow64 process (32bit): true
                        Commandline: 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
                        Imagebase: 0x400000
                        File size: 246888 bytes
                        MD5 hash: 19CAC1EE3A6E5E9F83054616F5D5CE6F
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: Visual Basic
                        Yara matches:
                        • Rule: JoeSecurity_GuLoader_1, Description: Yara detected GuLoader, Source: 00000001.00000000.647926510.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_GuLoader_1, Description: Yara detected GuLoader, Source: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Author: Joe Security
                        Reputation: low

                        General

                        Start time: 12:12:19
                        Start date: 21/07/2021
                        Path: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                        Wow64 process (32bit): true
                        Commandline: 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
                        Imagebase: 0x400000
                        File size: 246888 bytes
                        MD5 hash: 19CAC1EE3A6E5E9F83054616F5D5CE6F
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_GuLoader_1, Description: Yara detected GuLoader, Source: 00000008.00000000.743106384.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                        Reputation: low

                        Disassembly

                        Code Analysis

                          Executed Functions

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID: QG;$%{\2$/wyh
                          • API String ID: 2167126740-1782018246
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: QG;$%{\2$/wyh
                          • API String ID: 0-1782018246
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: QG;$%{\2$/wyh$<{~
                          • API String ID: 0-3996436255
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: QG;$%{\2$XI!
                          • API String ID: 0-2309300164
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • NtProtectVirtualMemory.NTDLL(5600CF0C,?,?,?,?,02147D7E,59664DF5,02143F9F,96D7C7A0), ref: 0214869A
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: MemoryProtectVirtual
                          • String ID: QG;$%{\2
                          • API String ID: 2706961497-543867728
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: /wyh$x2x<$XyG
                          • API String ID: 0-2276865415
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: QG;$%{\2
                          • API String ID: 0-543867728
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID: QG;$%{\2
                          • API String ID: 2167126740-543867728
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID: QG;$%{\2
                          • API String ID: 2167126740-543867728
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: QG;$%{\2
                          • API String ID: 0-543867728
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: QG;$%{\2
                          • API String ID: 0-543867728
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: QG;$%{\2
                          • API String ID: 0-543867728
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • NtWriteVirtualMemory.NTDLL(?,85AFC97F,?,00000000,?,?,?), ref: 02144B5A
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: MemoryVirtualWrite
                          • String ID: QG;$%{\2
                          • API String ID: 3527976591-543867728
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: MemoryProtectVirtual
                          • String ID: 4O>4$L-d
                          • API String ID: 2706961497-3250529594
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: x2x<$XyG
                          • API String ID: 0-268215166
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • NtSetInformationThread.NTDLL ref: 02148E9E
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: InformationThread
                          • String ID: x2x<$XyG
                          • API String ID: 4046476035-268215166
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • NtWriteVirtualMemory.NTDLL(?,85AFC97F,?,00000000,?,?,?), ref: 02144B5A
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: MemoryVirtualWrite
                          • String ID: QG;
                          • API String ID: 3527976591-766790425
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • NtWriteVirtualMemory.NTDLL(?,85AFC97F,?,00000000,?,?,?), ref: 02144B5A
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: MemoryVirtualWrite
                          • String ID: QG;
                          • API String ID: 3527976591-766790425
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • NtWriteVirtualMemory.NTDLL(?,85AFC97F,?,00000000,?,?,?), ref: 02144B5A
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: MemoryVirtualWrite
                          • String ID: QG;
                          • API String ID: 3527976591-766790425
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID: vF)
                          • API String ID: 2167126740-3905765964
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: `
                          • API String ID: 0-1850852036
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • NtAllocateVirtualMemory.NTDLL ref: 02145594
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID: G\'
                          • API String ID: 2167126740-3926078560
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • NtAllocateVirtualMemory.NTDLL ref: 02145594
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID: G\'
                          • API String ID: 2167126740-3926078560
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ffce361ceaa5f4f24124c30f1983539d5baea330b5af14fc7ad93f60e2cb4040
                          • Instruction ID: 187fcc337b7825cff38a82eab780d6506376c851293614eb08ee8372ae3b7f48
                          • Opcode Fuzzy Hash: ffce361ceaa5f4f24124c30f1983539d5baea330b5af14fc7ad93f60e2cb4040
                          • Instruction Fuzzy Hash: 9F02AA71A443899FDF349E388C947DE77A3AF86350F55812ECC8C9B244DB358A82CB42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2973f1d4901f192157bde625f1ec0c3a8f7976fe0f7057b3838fb17e64e014c1
                          • Instruction ID: 2342a2d8dc5adac960dea6bb272b481522d45c2dce2db2ff56adb60ed8389474
                          • Opcode Fuzzy Hash: 2973f1d4901f192157bde625f1ec0c3a8f7976fe0f7057b3838fb17e64e014c1
                          • Instruction Fuzzy Hash: 84C1A971A44389AFDF34CE388C547DB7BA2AF46354F54422EDC9C9B294DB318682CB52
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • NtWriteVirtualMemory.NTDLL(?,85AFC97F,?,00000000,?,?,?), ref: 02144B5A
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: MemoryVirtualWrite
                          • String ID:
                          • API String ID: 3527976591-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • EnumWindows.USER32(021405B1,?,00000000,00000000), ref: 02140500
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: EnumWindows
                          • String ID:
                          • API String ID: 1129996299-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID:
                          • API String ID: 2167126740-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • TerminateProcess.KERNELBASE(-74C994B7,5ED20CCC), ref: 02145014
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: ProcessTerminate
                          • String ID:
                          • API String ID: 560597551-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • TerminateProcess.KERNELBASE(-74C994B7,5ED20CCC), ref: 02145014
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: ProcessTerminate
                          • String ID:
                          • API String ID: 560597551-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • TerminateProcess.KERNELBASE(-74C994B7,5ED20CCC), ref: 02145014
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: ProcessTerminate
                          • String ID:
                          • API String ID: 560597551-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • CreateFileA.KERNELBASE(?,203470D5), ref: 02145296
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: CreateFile
                          • String ID:
                          • API String ID: 823142352-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID: /wyh
                          • API String ID: 2167126740-893334900
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • __vbaStrToAnsi.MSVBVM60(?,spearproof), ref: 00430D03
                          • __vbaSetSystemError.MSVBVM60(00000000,?,spearproof), ref: 00430D14
                          • __vbaFreeStr.MSVBVM60(00000000,?,spearproof), ref: 00430D33
                          • #610.MSVBVM60(?,00000000,?,spearproof), ref: 00430D48
                          • #552.MSVBVM60(?,?,00000001,?,00000000,?,spearproof), ref: 00430D5D
                          • __vbaVarMove.MSVBVM60(?,?,00000001,?,00000000,?,spearproof), ref: 00430D6E
                          • __vbaFreeVar.MSVBVM60(?,?,00000001,?,00000000,?,spearproof), ref: 00430D79
                          • __vbaNew2.MSVBVM60(0042F948,00434454,?,?,00000001,?,00000000,?,spearproof), ref: 00430D90
                          • __vbaHresultCheckObj.MSVBVM60(00000000,020DE8B4,0042F938,00000044), ref: 00430E5D
                          • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 00430E96
                          • __vbaFreeVar.MSVBVM60(?,00000000), ref: 00430EA1
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,00000000,?,spearproof), ref: 00430EBC
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00430EDC
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000108), ref: 00430F05
                          • __vbaStrToAnsi.MSVBVM60(?,?), ref: 00430F17
                          • __vbaStrToAnsi.MSVBVM60(?,Laanemuligheder4,00000000,?,?), ref: 00430F29
                          • __vbaSetSystemError.MSVBVM60(00000000,?,Laanemuligheder4,00000000,?,?), ref: 00430F3A
                          • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,00000000,?,Laanemuligheder4,00000000,?,?), ref: 00430F6A
                          • __vbaFreeObj.MSVBVM60(?), ref: 00430F78
                          • __vbaNew2.MSVBVM60(0042F948,00434454,?), ref: 00430F9A
                          • __vbaHresultCheckObj.MSVBVM60(00000000,020DE8B4,0042F938,00000014), ref: 00430FC1
                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,0042F990,000000D0), ref: 00430FF0
                          • __vbaStrMove.MSVBVM60(00000000,?,0042F990,000000D0), ref: 00431007
                          • __vbaFreeObj.MSVBVM60(00000000,?,0042F990,000000D0), ref: 00431012
                          • __vbaNew2.MSVBVM60(0042F948,00434454), ref: 00431029
                          • __vbaHresultCheckObj.MSVBVM60(00000000,020DE8B4,0042F938,0000001C), ref: 00431050
                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,0042F9A0,0000005C,?,?,?,?,?), ref: 0043109C
                          • __vbaStrMove.MSVBVM60(?,?,?,?,?), ref: 004310B4
                          • __vbaFreeObj.MSVBVM60(?,?,?,?,?), ref: 004310BF
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?), ref: 004310D9
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 004310F4
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9B0,000000F0), ref: 0043111D
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 0043112D
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00431148
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9C0,000000E8), ref: 00431171
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 00431181
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 0043119C
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000130), ref: 004311C5
                          • __vbaStrMove.MSVBVM60(00000000,00000000,0042F980,00000130), ref: 004311DD
                          • __vbaStrCopy.MSVBVM60(00000000,00000000,0042F980,00000130), ref: 004311ED
                          • __vbaHresultCheckObj.MSVBVM60(00000000,000000FE,0042F488,000006F8), ref: 0043124F
                          • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0043126B
                          • __vbaFreeObjList.MSVBVM60(00000003,?,?,?,00000003,?,?,?), ref: 00431287
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 0043129A
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 004312B5
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9E8,00000110), ref: 004312DE
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 004312EE
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00431309
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9B0,000000F8), ref: 00431334
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 00431344
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 0043135F
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9E8,00000138), ref: 00431388
                          • __vbaStrCopy.MSVBVM60(00000000,00000000,0042F9E8,00000138), ref: 00431398
                          • __vbaStrMove.MSVBVM60(00000000,00000000,0042F9E8,00000138), ref: 004313B0
                          • __vbaHresultCheckObj.MSVBVM60(00000000,000000FE,0042F488,000006F8), ref: 00431412
                          • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0043142E
                          • __vbaFreeObjList.MSVBVM60(00000003,?,?,?,00000003,?,?,?), ref: 0043144A
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 0043145D
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00431478
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000068), ref: 0043149B
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 004314AB
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 004314C6
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9B0,00000060), ref: 004314E9
                          • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,?,?,00182DD5,?), ref: 00431584
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,00182DD5,?), ref: 00431597
                          • __vbaObjSet.MSVBVM60(?,00000000,?,00182DD5,?), ref: 004315B2
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042FA10,00000060,?,00182DD5,?), ref: 004315D5
                          • __vbaFreeObj.MSVBVM60(?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 0043163C
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 0043164C
                          • __vbaObjSet.MSVBVM60(?,00000000,?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431667
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000150,?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431690
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004316A0
                          • __vbaObjSet.MSVBVM60(?,00000000,?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004316BB
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000070,?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004316DE
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004316EE
                          • __vbaObjSet.MSVBVM60(?,00000000,?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431709
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9C0,00000080,?,00518CAF,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431732
                          • __vbaFreeObjList.MSVBVM60(00000003,?,?,?,?,?,?,?,?,C,?,00518CAF,?,?,4B7FFB7C,?), ref: 004317AE
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004317C1
                          • __vbaObjSet.MSVBVM60(?,00000000,?,4B7FFB7C,?,?,00182DD5,?), ref: 004317DC
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9B0,00000160,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431805
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431815
                          • __vbaObjSet.MSVBVM60(?,00000000,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431830
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000080,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431859
                          • __vbaHresultCheckObj.MSVBVM60(00000000,000000FE,0042F488,000006FC,?,4B7FFB7C,?,?,00182DD5,?), ref: 004318E6
                          • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004318FB
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 0043190E
                          • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431929
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000070,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 0043194C
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 0043195C
                          • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431977
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9C0,000001C0,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004319A0
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004319B0
                          • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004319CB
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042FA38,000000D0,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 004319F4
                          • __vbaHresultCheckObj.MSVBVM60(00000000,000000FE,0042F488,000006FC,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431A81
                          • __vbaFreeStr.MSVBVM60(?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431A8C
                          • __vbaFreeObjList.MSVBVM60(00000003,?,?,?,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431AA8
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,?,?,?,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431ABB
                          • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431AD6
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000070,?,?,?,?,?,?,?,?,?,4B7FFB7C,?), ref: 00431AF9
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,?,?,?,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431B09
                          • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,4B7FFB7C,?,?,00182DD5,?), ref: 00431B24
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000080,?,?,?,?,?,?,?,?,?,4B7FFB7C,?), ref: 00431B4D
                          • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,007F5A39,39BD99C0,?,?,?), ref: 00431BBE
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,?,?,?,?,?,?,?,?,?,?,?,4B7FFB7C,?), ref: 00431BD1
                          • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,4B7FFB7C,?), ref: 00431BEC
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9E8,00000060,?,?,?), ref: 00431C0F
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,?,?,?,?,?,?,?,?,?,?,?,4B7FFB7C,?), ref: 00431C1F
                          • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,4B7FFB7C,?), ref: 00431C3A
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000170,?,?,?), ref: 00431C63
                          • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,4B7FFB7C,?,?,00182DD5), ref: 00431C7B
                          • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,4B7FFB7C,?,?,00182DD5), ref: 00431C8B
                          • __vbaHresultCheckObj.MSVBVM60(00000000,000000FE,0042F488,000006F8,?,?,?), ref: 00431CED
                          • __vbaFreeStrList.MSVBVM60(00000002,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,4B7FFB7C), ref: 00431D02
                          • __vbaFreeObjList.MSVBVM60(00000002,?,?,00000002,00000000,?,?,?,?), ref: 00431D17
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000001.00000002.745227286.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000001.00000002.746052606.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000001.00000002.746113951.0000000000435000.00000002.00020000.sdmp
                          Yara matches
                          Similarity
                          • API ID: __vba$CheckHresult$New2$Free$List$Move$AnsiCopy$ErrorSystem$#552#610Late
                          • String ID: C$CORANTO$Codi$Grilleres$Laanemuligheder4$Lineality$REFUSIONSSALDOERS$Sprogede6$spearproof$4
                          • API String ID: 2238139552-805979028
                          • Opcode ID: 09eef0bb9f018b44a7b8ec807f7c7675c362f6b57c32d8b81c5d5f02f2132548
                          • Instruction ID: b0ff59b7ee0f7c146334848be2af030ff7e32bc7879a59961dd64c287c7e4b1b
                          • Opcode Fuzzy Hash: 09eef0bb9f018b44a7b8ec807f7c7675c362f6b57c32d8b81c5d5f02f2132548
                          • Instruction Fuzzy Hash: CDB25EB1A00618AFDB20DB65CC45FEA77BCAF48344F0001EEB549F7191DB78AA458F68
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • __vbaStrCopy.MSVBVM60 ref: 00432C27
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 00432C3F
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00432C57
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,000001C8), ref: 00432C93
                          • __vbaFreeObj.MSVBVM60 ref: 00432C9B
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 00432CB3
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00432CCB
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,00000000), ref: 00432CF3
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00432D0B
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9C0,00000150), ref: 00432D31
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9B0,000001EC), ref: 00432D60
                          • __vbaFreeStr.MSVBVM60 ref: 00432D68
                          • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00432D79
                          • #704.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 00432D94
                          • __vbaStrMove.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 00432D9E
                          • __vbaFreeVar.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 00432DA6
                          • __vbaFreeStr.MSVBVM60(00432DEE,?,000000FF,000000FE,000000FE,000000FE), ref: 00432DE0
                          • __vbaFreeStr.MSVBVM60(00432DEE,?,000000FF,000000FE,000000FE,000000FE), ref: 00432DE8
                          Memory Dump Source
                          • Source File: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000001.00000002.745227286.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000001.00000002.746052606.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000001.00000002.746113951.0000000000435000.00000002.00020000.sdmp
                          Yara matches
                          Similarity
                          • API ID: __vba$Free$CheckHresultNew2$#704CopyListMove
                          • String ID:
                          • API String ID: 3420054063-0
                          • Opcode ID: f59f0f4899c58369533f0b9c9598eb36b75edb2da98aa1915a874e1cbafd727c
                          • Instruction ID: 26a3dfeb4a146d5252217d22b066094ff945cc9a3714c27da0ce0bd2adb3b113
                          • Opcode Fuzzy Hash: f59f0f4899c58369533f0b9c9598eb36b75edb2da98aa1915a874e1cbafd727c
                          • Instruction Fuzzy Hash: A1516271A00218ABCB04EFA6D985FDE77B8BF08704F50416EF511F71E1DB7869058B98
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000001.00000002.745227286.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000001.00000002.746052606.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000001.00000002.746113951.0000000000435000.00000002.00020000.sdmp
                          Yara matches
                          Similarity
                          • API ID: #100
                          • String ID: VB5!6%*
                          • API String ID: 1341478452-4246263594
                          • Opcode ID: fd12bdea4db60704e0e4ff75a8f6b5447b1c2ce97e30c668d4ffc6172e01bd03
                          • Instruction ID: db10775f9613a9cef7dfcb640d259d2a3f3745c2cc7a99156764660d0f41b3f6
                          • Opcode Fuzzy Hash: fd12bdea4db60704e0e4ff75a8f6b5447b1c2ce97e30c668d4ffc6172e01bd03
                          • Instruction Fuzzy Hash: AE7193A144E7C05FD3038BB498296A13FB0AE53229B4F45EBC4C1DF4F3E269180AD766
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • CreateFileA.KERNELBASE(?,203470D5), ref: 02145296
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: CreateFile
                          • String ID: &
                          • API String ID: 823142352-1499360005
                          • Opcode ID: 5250ad27d84a0af02517e39c6b5120d0a5c54a3f5b667d76a7330321f617d498
                          • Instruction ID: 113822d0272df3da0f0567b0768f90a4977ea3d10e37b4831effeccbc5d25d4e
                          • Opcode Fuzzy Hash: 5250ad27d84a0af02517e39c6b5120d0a5c54a3f5b667d76a7330321f617d498
                          • Instruction Fuzzy Hash: 8E31543990A391EFCB648F358D98BC67F75EF16714B9801DEE8881B216DB300655CF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • TerminateProcess.KERNELBASE(-74C994B7,5ED20CCC), ref: 02145014
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: ProcessTerminate
                          • String ID:
                          • API String ID: 560597551-0
                          • Opcode ID: 3e29efaa64d78eca754312d4e3ae0220c1b036775ca0278c0ff5b40633955d88
                          • Instruction ID: 009cb4eafbb4e974319f1f96a68e0caccda483863a3fad92f6ce1966a06c3ede
                          • Opcode Fuzzy Hash: 3e29efaa64d78eca754312d4e3ae0220c1b036775ca0278c0ff5b40633955d88
                          • Instruction Fuzzy Hash: 13215F2050DBC27AC723DA3C89097EABFA1AF13260F4983DE8CE89B1C9D7225155C751
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 4O>4$L-d
                          • API String ID: 0-3250529594
                          • Opcode ID: 6bb56d21ed0a9f07086b79267f0696eb783bfdd8546e20d1b30e8da4127bbad0
                          • Instruction ID: 0d45a13a76c6a8d220b9aa662b8c4f791ef228fbd88efddc3404ba85fb6bfa11
                          • Opcode Fuzzy Hash: 6bb56d21ed0a9f07086b79267f0696eb783bfdd8546e20d1b30e8da4127bbad0
                          • Instruction Fuzzy Hash: 548117315483858FDF75CF348CA97DABBA1AF12350F5986AECC898F28AD7358641C712
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: vF)
                          • API String ID: 0-3905765964
                          • Opcode ID: 8e9124f9d93a3be4d3904c63184a56d8ef191b2d6103fa07e4d0b223d4d25515
                          • Instruction ID: b66dcf9be1da6fd4df0601e394f23bcb2bbdee067c8fc89c28fc9562f7192e43
                          • Opcode Fuzzy Hash: 8e9124f9d93a3be4d3904c63184a56d8ef191b2d6103fa07e4d0b223d4d25515
                          • Instruction Fuzzy Hash: 5981017164034AAFCF749E35CD957EA7BB6EF05380F85442DDC8A8B611E7308A86CB12
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: <{~
                          • API String ID: 0-2387585797
                          • Opcode ID: 34215fa3712867c4244298e849925bfbca19e3e8ec4e14a2a4b18a1f99bc44cc
                          • Instruction ID: 21baae99e41889bdee01f1436a40e99a09e70d74bc25b781aeae17e6b41d9934
                          • Opcode Fuzzy Hash: 34215fa3712867c4244298e849925bfbca19e3e8ec4e14a2a4b18a1f99bc44cc
                          • Instruction Fuzzy Hash: DF5137B17413999FEB709E358DE8BDB37A6AF05740F85002DED8DCB101D7318A44CA11
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: d;H
                          • API String ID: 0-3737517937
                          • Opcode ID: 88d4205ec0780f492a29a745e7c55d160f48bf9ac8cd23a8011cfb80f4ce5ddb
                          • Instruction ID: c6292157904cc0c424336fcafaf6eedcfd1a8d31b2b23ed54efc3788aa7e189e
                          • Opcode Fuzzy Hash: 88d4205ec0780f492a29a745e7c55d160f48bf9ac8cd23a8011cfb80f4ce5ddb
                          • Instruction Fuzzy Hash: 86015675641284CFDB38CF18C9D0ACAB7A6BB89B10F55802ADD0C8B355C731EA02CF20
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID:
                          • API String ID: 2167126740-0
                          • Opcode ID: 1894d3734040cef01d5f84e2451fb5f0ef1e82fab4e1959d31c408b972392d88
                          • Instruction ID: e34c2101e631e6762a9b1a6bc073e0114a6b313dbb30ffe8c3627485adb68420
                          • Opcode Fuzzy Hash: 1894d3734040cef01d5f84e2451fb5f0ef1e82fab4e1959d31c408b972392d88
                          • Instruction Fuzzy Hash: 7651F531608BC65ADB328E3C8C597DB7F626F57320F99839DC89C5B286C7315552C781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • __vbaStrCopy.MSVBVM60 ref: 0043298C
                          • __vbaNew2.MSVBVM60(0042F948,00434454), ref: 004329A3
                          • __vbaHresultCheckObj.MSVBVM60(00000000,020DE8B4,0042F938,00000014), ref: 004329C8
                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,0042F990,00000130), ref: 004329F8
                          • __vbaStrMove.MSVBVM60(00000000,?,0042F990,00000130), ref: 00432A06
                          • __vbaFreeObj.MSVBVM60(00000000,?,0042F990,00000130), ref: 00432A0E
                          • #560.MSVBVM60(?), ref: 00432A1E
                          • __vbaFreeVar.MSVBVM60(?), ref: 00432A34
                          • __vbaNew2.MSVBVM60(0042F948,00434454,?), ref: 00432A54
                          • __vbaHresultCheckObj.MSVBVM60(00000000,020DE8B4,0042F938,00000014), ref: 00432A74
                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,0042F990,00000130), ref: 00432A9D
                          • __vbaStrMove.MSVBVM60(00000000,?,0042F990,00000130), ref: 00432AAB
                          • __vbaFreeObj.MSVBVM60(00000000,?,0042F990,00000130), ref: 00432AB3
                          • __vbaNew2.MSVBVM60(0042F948,00434454), ref: 00432ACA
                          • __vbaObjVar.MSVBVM60(?), ref: 00432ADB
                          • __vbaObjSetAddref.MSVBVM60(?,00000000,?), ref: 00432AE5
                          • __vbaHresultCheckObj.MSVBVM60(00000000,020DE8B4,0042F938,00000010), ref: 00432AFC
                          • __vbaFreeObj.MSVBVM60(00000000,020DE8B4,0042F938,00000010), ref: 00432B04
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?), ref: 00432B1C
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00432B34
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000198), ref: 00432B5A
                          • __vbaFreeObj.MSVBVM60(00000000,00000000,0042F980,00000198), ref: 00432B68
                          • __vbaFreeStr.MSVBVM60(00432BAE), ref: 00432B90
                          • __vbaFreeStr.MSVBVM60(00432BAE), ref: 00432B98
                          • __vbaFreeStr.MSVBVM60(00432BAE), ref: 00432BA0
                          • __vbaFreeVar.MSVBVM60(00432BAE), ref: 00432BA8
                          Memory Dump Source
                          • Source File: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000001.00000002.745227286.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000001.00000002.746052606.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000001.00000002.746113951.0000000000435000.00000002.00020000.sdmp
                          Yara matches
                          Similarity
                          • API ID: __vba$Free$CheckHresult$New2$Move$#560AddrefCopy
                          • String ID:
                          • API String ID: 4235209719-0
                          • Opcode ID: bcf8c706b99db04601c36676d24a6e41dfa079b5582be26c2304a3a11746a177
                          • Instruction ID: c1423ce5c12b2c4b574031c65fe7a80395d619b9ed9ed082f72282d88b5a6126
                          • Opcode Fuzzy Hash: bcf8c706b99db04601c36676d24a6e41dfa079b5582be26c2304a3a11746a177
                          • Instruction Fuzzy Hash: D3618270E00219ABCB14EFA6D885EDEB7B8EF58304F50447EF111F71A1DA786909CB58
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 0043276F
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00432787
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042FB3C,00000134), ref: 004327C3
                          • __vbaFreeObj.MSVBVM60(00000000,00000000,0042FB3C,00000134), ref: 004327CB
                          • #696.MSVBVM60(0042FB50), ref: 004327D5
                          • #704.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE,0042FB50), ref: 004327FB
                          • __vbaStrMove.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE,0042FB50), ref: 00432805
                          • __vbaFreeVar.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE,0042FB50), ref: 0043280D
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,?,000000FF,000000FE,000000FE,000000FE,0042FB50), ref: 00432825
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 0043283D
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,00000170), ref: 00432863
                          • #529.MSVBVM60(00000002), ref: 0043287D
                          • __vbaFreeObj.MSVBVM60(00000002), ref: 00432885
                          • __vbaFreeVar.MSVBVM60(00000002), ref: 0043288D
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010,0042FB50), ref: 004328A5
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 004328BD
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9C0,00000058), ref: 004328DD
                          • __vbaFreeObj.MSVBVM60(00000000,00000000,0042F9C0,00000058), ref: 004328EB
                          • __vbaFreeStr.MSVBVM60(00432919), ref: 00432913
                          Memory Dump Source
                          • Source File: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000001.00000002.745227286.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000001.00000002.746052606.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000001.00000002.746113951.0000000000435000.00000002.00020000.sdmp
                          Yara matches
                          Similarity
                          • API ID: __vba$Free$CheckHresultNew2$#529#696#704Move
                          • String ID:
                          • API String ID: 640063502-0
                          • Opcode ID: d8fc5d446533a55316a0e307b3f28a11a38dc4499473a2e2492fc759b926a15a
                          • Instruction ID: c2fda3f4506ae53223b19686265dfab4e0f721b73c1867d2d676e03128cc8d1a
                          • Opcode Fuzzy Hash: d8fc5d446533a55316a0e307b3f28a11a38dc4499473a2e2492fc759b926a15a
                          • Instruction Fuzzy Hash: 02511A70A00218ABCB14EBA6DD85FDE77B8AF08704F50067EF511F72E1DB7869058B68
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • __vbaNew2.MSVBVM60(0042F948,00434454), ref: 00432E5B
                          • __vbaHresultCheckObj.MSVBVM60(00000000,020DE8B4,0042F938,00000014), ref: 00432E7F
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 00432EA8
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00432EC0
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042FA38,0000013C), ref: 00432EE6
                          • __vbaHresultCheckObj.MSVBVM60(00000000,?,0042F990,0000013C), ref: 00432F15
                          • __vbaFreeStr.MSVBVM60 ref: 00432F1D
                          • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00432F2E
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 00432F49
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00432F61
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F980,000001D0), ref: 00432F99
                          • __vbaFreeObj.MSVBVM60 ref: 00432FA1
                          • __vbaNew2.MSVBVM60(0042FCD4,00434010), ref: 00432FB9
                          • __vbaObjSet.MSVBVM60(?,00000000), ref: 00432FD1
                          • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0042F9E8,00000078), ref: 00432FF1
                          • __vbaFreeObj.MSVBVM60 ref: 00432FFF
                          Memory Dump Source
                          • Source File: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000001.00000002.745227286.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000001.00000002.746052606.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000001.00000002.746113951.0000000000435000.00000002.00020000.sdmp
                          Yara matches
                          Similarity
                          • API ID: __vba$CheckHresult$FreeNew2$List
                          • String ID:
                          • API String ID: 3473554973-0
                          • Opcode ID: eb678c9f3d39e5a4f9df96214f3de4139dd66eaab9dd55ed8939619f27d39f79
                          • Instruction ID: 30e5718719045ac056bf5e9e3402fd759a5bf7ce3b3457348a4afd3427220cf3
                          • Opcode Fuzzy Hash: eb678c9f3d39e5a4f9df96214f3de4139dd66eaab9dd55ed8939619f27d39f79
                          • Instruction Fuzzy Hash: 39515170A00214ABCB04EFA6DD86FEF77B8BF58704F50046AF510F7191D6B8A9058B68
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Executed Functions

                          APIs
                          Memory Dump Source
                          • Source File: 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp, Offset: 1E370000, based on PE: true
                          • Associated: 00000008.00000002.1734611796.000000001E48B000.00000040.00000001.sdmp
                          • Associated: 00000008.00000002.1734624155.000000001E48F000.00000040.00000001.sdmp
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 37fb29c6fe3145658dbb9328d16a11e2be946da6d9028cc9a7a83ea515f9bbe7
                          • Instruction ID: 6d77953ee6aab01513a8102f9ca9f8a339648ac616981084350f7fac571f0098
                          • Opcode Fuzzy Hash: 37fb29c6fe3145658dbb9328d16a11e2be946da6d9028cc9a7a83ea515f9bbe7
                          • Instruction Fuzzy Hash: 9490027520101806D180716E440965E000557D1781FD1C125E4015654DCA558A5977E1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          Memory Dump Source
                          • Source File: 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp, Offset: 1E370000, based on PE: true
                          • Associated: 00000008.00000002.1734611796.000000001E48B000.00000040.00000001.sdmp
                          • Associated: 00000008.00000002.1734624155.000000001E48F000.00000040.00000001.sdmp
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 63044638f493b191f539c47a2d6c40f8d7ce8f907ff660e6e421454f843e5ae5
                          • Instruction ID: 3cf15d84dcae78538f82a1c58e332881798b5aeafca2f09969f68fcd99ab8ebc
                          • Opcode Fuzzy Hash: 63044638f493b191f539c47a2d6c40f8d7ce8f907ff660e6e421454f843e5ae5
                          • Instruction Fuzzy Hash: 9590027520109806D110616E840975E000557D0781FD5C521E8414658D86D588917161
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          Memory Dump Source
                          • Source File: 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp, Offset: 1E370000, based on PE: true
                          • Associated: 00000008.00000002.1734611796.000000001E48B000.00000040.00000001.sdmp
                          • Associated: 00000008.00000002.1734624155.000000001E48F000.00000040.00000001.sdmp
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: eee17e996f36a5cd9fb84e643573494ca64f4d622fbcad186ed25a3f70d775b1
                          • Instruction ID: fe719339c2a1a59803d900b7391cdc196b8a1fdeda38c7fdc179d0e223c9bda8
                          • Opcode Fuzzy Hash: eee17e996f36a5cd9fb84e643573494ca64f4d622fbcad186ed25a3f70d775b1
                          • Instruction Fuzzy Hash: 0A90027520101417D111616E450971B000957D06C1FD1C522E4414558D96968952B161
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • TerminateThread.KERNELBASE(0926C506), ref: 00569074
                          Memory Dump Source
                          • Source File: 00000008.00000002.1729363746.0000000000568000.00000040.00000001.sdmp, Offset: 00568000, based on PE: false
                          Similarity
                          • API ID: TerminateThread
                          • String ID:
                          • API String ID: 1852365436-0
                          • Opcode ID: 8ff75772d4d341a0218608f5f73bf579d17adf78f24ec970dd5a874ee0d9585b
                          • Instruction ID: d89283b24034d58d0692e9397e29cfbb80efac58620ab588071eb3c6bb43581d
                          • Opcode Fuzzy Hash: 8ff75772d4d341a0218608f5f73bf579d17adf78f24ec970dd5a874ee0d9585b
                          • Instruction Fuzzy Hash: C4019635506215EFCBA94F32E86E7E7BFB5EF51710F44005EA8C69A550D7310680CF02
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • TerminateThread.KERNELBASE(0926C506), ref: 00569074
                          Memory Dump Source
                          • Source File: 00000008.00000002.1729363746.0000000000568000.00000040.00000001.sdmp, Offset: 00568000, based on PE: false
                          Similarity
                          • API ID: TerminateThread
                          • String ID:
                          • API String ID: 1852365436-0
                          • Opcode ID: 82d5225aa8b6a3400c4dbab5d381e5bbf5300e474aa594135eccd770de573a27
                          • Instruction ID: 7728d5ea2b62836f49a7f98aab83e12c14e16edc28930f0652e660c21dee9a77
                          • Opcode Fuzzy Hash: 82d5225aa8b6a3400c4dbab5d381e5bbf5300e474aa594135eccd770de573a27
                          • Instruction Fuzzy Hash: 02F0AF7020838A9AD7789F21D9A93FA37A6FF50350F84041EDDCA97240DB3446808A12
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • TerminateThread.KERNELBASE(0926C506), ref: 00569074
                          Memory Dump Source
                          • Source File: 00000008.00000002.1729363746.0000000000568000.00000040.00000001.sdmp, Offset: 00568000, based on PE: false
                          Similarity
                          • API ID: TerminateThread
                          • String ID:
                          • API String ID: 1852365436-0
                          • Opcode ID: 64b9ab53122d66fc4ad2fa1a4d16d2f0593c088e14bc32b0af5d17a731f4b5f4
                          • Instruction ID: 93b80031c077bf2f0ffecb5b29fd9b9e8b59beb3bcfe41b4ee06ba5ee88886a4
                          • Opcode Fuzzy Hash: 64b9ab53122d66fc4ad2fa1a4d16d2f0593c088e14bc32b0af5d17a731f4b5f4
                          • Instruction Fuzzy Hash: 9BF0907510824A9BDB789F31ED5A7FE7BA6FF90310F80051DDDCA97240CB3046818A02
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          Memory Dump Source
                          • Source File: 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp, Offset: 1E370000, based on PE: true
                          • Associated: 00000008.00000002.1734611796.000000001E48B000.00000040.00000001.sdmp
                          • Associated: 00000008.00000002.1734624155.000000001E48F000.00000040.00000001.sdmp
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 17805a91ce89d95805eb2e433455d7eb0b6c5bcdc8d733b1718a55d4e1c92660
                          • Instruction ID: 9dc3fc0d7781670b415bce55abb366b7500b3d6a050ce368e594cb940c5dda2f
                          • Opcode Fuzzy Hash: 17805a91ce89d95805eb2e433455d7eb0b6c5bcdc8d733b1718a55d4e1c92660
                          • Instruction Fuzzy Hash: 72B09B729015D5C9D601D775460C71B790177D0751FD7C261D1024645E4778C495F6B5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          C-Code - Quality: 44%
                          			E1E3C8E00(void* __ecx) {
                          				signed int _v8;
                          				char _v12;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				intOrPtr* _t32;
                          				intOrPtr _t35;
                          				intOrPtr _t43;
                          				void* _t46;
                          				intOrPtr _t47;
                          				void* _t48;
                          				signed int _t49;
                          				void* _t50;
                          				intOrPtr* _t51;
                          				signed int _t52;
                          				void* _t53;
                          				intOrPtr _t55;
                          
                          				_v8 =  *0x1e48d360 ^ _t52;
                          				_t49 = 0;
                          				_t48 = __ecx;
                          				_t55 =  *0x1e488464; // 0x73b80110
                          				if(_t55 == 0) {
                          					L9:
                          					if( !_t49 >= 0) {
                          						if(( *0x1e485780 & 0x00000003) != 0) {
                          							E1E415510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                          						}
                          						if(( *0x1e485780 & 0x00000010) != 0) {
                          							asm("int3");
                          						}
                          					}
                          					return E1E3DB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                          				}
                          				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                          				_t43 =  *0x1e487984; // 0x702bf0
                          				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                          					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                          					if(_t48 == _t43) {
                          						_t50 = 0x5c;
                          						if( *_t32 == _t50) {
                          							_t46 = 0x3f;
                          							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                          								_t32 = _t32 + 8;
                          							}
                          						}
                          					}
                          					_t51 =  *0x1e488464; // 0x73b80110
                          					 *0x1e48b1e0(_t47, _t32,  &_v12);
                          					_t49 =  *_t51();
                          					if(_t49 >= 0) {
                          						L8:
                          						_t35 = _v12;
                          						if(_t35 != 0) {
                          							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                          								E1E3C9B10( *((intOrPtr*)(_t48 + 0x48)));
                          								_t35 = _v12;
                          							}
                          							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                          						}
                          						goto L9;
                          					}
                          					if(_t49 != 0xc000008a) {
                          						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                          							if(_t49 != 0xc00000bb) {
                          								goto L8;
                          							}
                          						}
                          					}
                          					if(( *0x1e485780 & 0x00000005) != 0) {
                          						_push(_t49);
                          						E1E415510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                          						_t53 = _t53 + 0x1c;
                          					}
                          					_t49 = 0;
                          					goto L8;
                          				} else {
                          					goto L9;
                          				}
                          			}





















                          APIs
                          Strings
                          • minkernel\ntdll\ldrsnap.c, xrefs: 1E40933B, 1E409367
                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1E40932A
                          • LdrpFindDllActivationContext, xrefs: 1E409331, 1E40935D
                          • Querying the active activation context failed with status 0x%08lx, xrefs: 1E409357
                          Memory Dump Source
                          • Source File: 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp, Offset: 1E370000, based on PE: true
                          • Associated: 00000008.00000002.1734611796.000000001E48B000.00000040.00000001.sdmp
                          • Associated: 00000008.00000002.1734624155.000000001E48F000.00000040.00000001.sdmp
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                          • API String ID: 3446177414-3779518884
                          • Opcode ID: 802335a35236edaa5ec9f66c45f00594a3b0a339a478467cbf7326a3ca065ce4
                          • Instruction ID: d34ffb25a1e51fe52c2a453f33845cdfcbd13f51983a35bdfefb43cdf3a040df
                          • Opcode Fuzzy Hash: 802335a35236edaa5ec9f66c45f00594a3b0a339a478467cbf7326a3ca065ce4
                          • Instruction Fuzzy Hash: 24410732D10266AFDB11AB758898E65F2B6BBC4274F06477FE90457150E774FE80C6C1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 50%
                          			E1E46E824(signed int __ecx, signed int* __edx) {
                          				signed int _v8;
                          				signed char _v12;
                          				signed int _v16;
                          				signed int _v20;
                          				signed int _v24;
                          				signed int _v28;
                          				signed int _v32;
                          				signed int _v36;
                          				signed int _v40;
                          				unsigned int _v44;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				signed int _t177;
                          				signed int _t179;
                          				unsigned int _t202;
                          				signed char _t207;
                          				signed char _t210;
                          				signed int _t230;
                          				void* _t244;
                          				unsigned int _t247;
                          				signed int _t288;
                          				signed int _t289;
                          				signed int _t291;
                          				signed char _t293;
                          				signed char _t295;
                          				signed char _t298;
                          				intOrPtr* _t303;
                          				signed int _t310;
                          				signed char _t316;
                          				signed int _t319;
                          				signed char _t323;
                          				signed char _t330;
                          				signed int _t334;
                          				signed int _t337;
                          				signed int _t341;
                          				signed char _t345;
                          				signed char _t347;
                          				signed int _t353;
                          				signed char _t354;
                          				void* _t383;
                          				signed char _t385;
                          				signed char _t386;
                          				unsigned int _t392;
                          				signed int _t393;
                          				signed int _t395;
                          				signed int _t398;
                          				signed int _t399;
                          				signed int _t401;
                          				unsigned int _t403;
                          				void* _t404;
                          				unsigned int _t405;
                          				signed int _t406;
                          				signed char _t412;
                          				unsigned int _t413;
                          				unsigned int _t418;
                          				void* _t419;
                          				void* _t420;
                          				void* _t421;
                          				void* _t422;
                          				void* _t423;
                          				signed char* _t425;
                          				signed int _t426;
                          				signed int _t428;
                          				unsigned int _t430;
                          				signed int _t431;
                          				signed int _t433;
                          
                          				_v8 =  *0x1e48d360 ^ _t433;
                          				_v40 = __ecx;
                          				_v16 = __edx;
                          				_t289 = 0x4cb2f;
                          				_t425 = __edx[1];
                          				_t403 =  *__edx << 2;
                          				if(_t403 < 8) {
                          					L3:
                          					_t404 = _t403 - 1;
                          					if(_t404 == 0) {
                          						L16:
                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                          						L17:
                          						_t426 = _v40;
                          						_v20 = _t426 + 0x1c;
                          						_t177 = L1E3BFAD0(_t426 + 0x1c);
                          						_t385 = 0;
                          						while(1) {
                          							L18:
                          							_t405 =  *(_t426 + 4);
                          							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
                          							_t316 = _t289 & _t179;
                          							_v24 = _t179;
                          							_v32 = _t316;
                          							_v12 = _t316 >> 0x18;
                          							_v36 = _t316 >> 0x10;
                          							_v28 = _t316 >> 8;
                          							if(_t385 != 0) {
                          								goto L21;
                          							}
                          							_t418 = _t405 >> 5;
                          							if(_t418 == 0) {
                          								_t406 = 0;
                          								L31:
                          								if(_t406 == 0) {
                          									L35:
                          									E1E3BFA00(_t289, _t316, _t406, _t426 + 0x1c);
                          									 *0x1e48b1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
                          									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
                          									_v36 = _t319;
                          									if(_t319 != 0) {
                          										asm("stosd");
                          										asm("stosd");
                          										asm("stosd");
                          										_t408 = _v16;
                          										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
                          										 *((char*)(_t319 + 0xb)) =  *_v16;
                          										 *(_t319 + 4) = _t289;
                          										_t53 = _t319 + 0xc; // 0xc
                          										E1E3B2280(E1E3DF3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
                          										_t428 = _v40;
                          										_t386 = 0;
                          										while(1) {
                          											L38:
                          											_t202 =  *(_t428 + 4);
                          											_v16 = _v16 | 0xffffffff;
                          											_v16 = _v16 << (_t202 & 0x0000001f);
                          											_t323 = _v16 & _t289;
                          											_v20 = _t323;
                          											_v20 = _v20 >> 0x18;
                          											_v28 = _t323;
                          											_v28 = _v28 >> 0x10;
                          											_v12 = _t323;
                          											_v12 = _v12 >> 8;
                          											_v32 = _t323;
                          											if(_t386 != 0) {
                          												goto L41;
                          											}
                          											_t247 = _t202 >> 5;
                          											_v24 = _t247;
                          											if(_t247 == 0) {
                          												_t412 = 0;
                          												L50:
                          												if(_t412 == 0) {
                          													L53:
                          													_t291 =  *(_t428 + 4);
                          													_v28 =  *((intOrPtr*)(_t428 + 0x28));
                          													_v44 =  *(_t428 + 0x24);
                          													_v32 =  *((intOrPtr*)(_t428 + 0x20));
                          													_t207 = _t291 >> 5;
                          													if( *_t428 < _t207 + _t207) {
                          														L74:
                          														_t430 = _t291 >> 5;
                          														_t293 = _v36;
                          														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
                          														_v44 = _t210;
                          														_t159 = _t430 - 1; // 0xffffffdf
                          														_t428 = _v40;
                          														_t330 =  *(_t428 + 8);
                          														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                          														_t412 = _t293;
                          														 *_t293 =  *(_t330 + _t386 * 4);
                          														 *(_t330 + _t386 * 4) = _t293;
                          														 *_t428 =  *_t428 + 1;
                          														_t289 = 0;
                          														L75:
                          														E1E3AFFB0(_t289, _t412, _t428 + 0x1c);
                          														if(_t289 != 0) {
                          															_t428 =  *(_t428 + 0x24);
                          															 *0x1e48b1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
                          															 *_t428();
                          														}
                          														L77:
                          														return E1E3DB640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
                          													}
                          													_t334 = 2;
                          													_t207 = E1E3CF3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
                          													if(_t207 < 0) {
                          														goto L74;
                          													}
                          													_t413 = _v24;
                          													if(_t413 < 4) {
                          														_t413 = 4;
                          													}
                          													 *0x1e48b1e0(_t413 << 2, _v28);
                          													_t207 =  *_v32();
                          													_t386 = _t207;
                          													_v16 = _t386;
                          													if(_t386 == 0) {
                          														_t291 =  *(_t428 + 4);
                          														if(_t291 >= 0x20) {
                          															goto L74;
                          														}
                          														_t289 = _v36;
                          														_t412 = 0;
                          														goto L75;
                          													} else {
                          														_t108 = _t413 - 1; // 0x3
                          														_t337 = _t108;
                          														if((_t413 & _t337) == 0) {
                          															L62:
                          															if(_t413 > 0x4000000) {
                          																_t413 = 0x4000000;
                          															}
                          															_t295 = _t386;
                          															_v24 = _v24 & 0x00000000;
                          															_t392 = _t413 << 2;
                          															_t230 = _t428 | 0x00000001;
                          															_t393 = _t392 >> 2;
                          															asm("sbb ecx, ecx");
                          															_t341 =  !(_v16 + _t392) & _t393;
                          															if(_t341 <= 0) {
                          																L67:
                          																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
                          																_v32 = _t395;
                          																_v20 = 0;
                          																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
                          																	L72:
                          																	_t345 =  *(_t428 + 8);
                          																	_t207 = _v16;
                          																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
                          																	 *(_t428 + 8) = _t207;
                          																	 *(_t428 + 4) = _t291;
                          																	if(_t345 != 0) {
                          																		 *0x1e48b1e0(_t345, _v28);
                          																		_t207 =  *_v44();
                          																		_t291 =  *(_t428 + 4);
                          																	}
                          																	goto L74;
                          																} else {
                          																	goto L68;
                          																}
                          																do {
                          																	L68:
                          																	_t298 =  *(_t428 + 8);
                          																	_t431 = _v20;
                          																	_v12 = _t298;
                          																	while(1) {
                          																		_t347 =  *(_t298 + _t431 * 4);
                          																		_v24 = _t347;
                          																		if((_t347 & 0x00000001) != 0) {
                          																			goto L71;
                          																		}
                          																		 *(_t298 + _t431 * 4) =  *_t347;
                          																		_t300 =  *(_t347 + 4) & _t395;
                          																		_t398 = _v16;
                          																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                          																		_t303 = _v24;
                          																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
                          																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
                          																		_t395 = _v32;
                          																		_t298 = _v12;
                          																	}
                          																	L71:
                          																	_v20 = _t431 + 1;
                          																	_t428 = _v40;
                          																} while (_v20 <  *(_t428 + 4) >> 5);
                          																goto L72;
                          															} else {
                          																_t399 = _v24;
                          																do {
                          																	_t399 = _t399 + 1;
                          																	 *_t295 = _t230;
                          																	_t295 = _t295 + 4;
                          																} while (_t399 < _t341);
                          																goto L67;
                          															}
                          														}
                          														_t354 = _t337 | 0xffffffff;
                          														if(_t413 == 0) {
                          															L61:
                          															_t413 = 1 << _t354;
                          															goto L62;
                          														} else {
                          															goto L60;
                          														}
                          														do {
                          															L60:
                          															_t354 = _t354 + 1;
                          															_t413 = _t413 >> 1;
                          														} while (_t413 != 0);
                          														goto L61;
                          													}
                          												}
                          												_t89 = _t412 + 8; // 0x8
                          												_t244 = E1E46E7A8(_t89);
                          												_t289 = _v36;
                          												if(_t244 == 0) {
                          													_t412 = 0;
                          												}
                          												goto L75;
                          											}
                          											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
                          											_t323 = _v32;
                          											while(1) {
                          												L41:
                          												_t386 =  *_t386;
                          												_v12 = _t386;
                          												if((_t386 & 0x00000001) != 0) {
                          													break;
                          												}
                          												if(_t323 == ( *(_t386 + 4) & _v16)) {
                          													L45:
                          													if(_t386 == 0) {
                          														goto L53;
                          													}
                          													if(E1E46E7EB(_t386, _t408) != 0) {
                          														_t412 = _v12;
                          														goto L50;
                          													}
                          													_t386 = _v12;
                          													goto L38;
                          												}
                          											}
                          											_t386 = 0;
                          											_v12 = 0;
                          											goto L45;
                          										}
                          									}
                          									_t412 = 0;
                          									goto L77;
                          								}
                          								_t38 = _t406 + 8; // 0x8
                          								_t364 = _t38;
                          								if(E1E46E7A8(_t38) == 0) {
                          									_t406 = 0;
                          								}
                          								E1E3BFA00(_t289, _t364, _t406, _v20);
                          								goto L77;
                          							}
                          							_t24 = _t418 - 1; // -1
                          							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
                          							_t316 = _v32;
                          							L21:
                          							_t406 = _v24;
                          							while(1) {
                          								_t385 =  *_t385;
                          								_v12 = _t385;
                          								if((_t385 & 0x00000001) != 0) {
                          									break;
                          								}
                          								if(_t316 == ( *(_t385 + 4) & _t406)) {
                          									L26:
                          									if(_t385 == 0) {
                          										goto L35;
                          									}
                          									_t177 = E1E46E7EB(_t385, _v16);
                          									if(_t177 != 0) {
                          										_t406 = _v12;
                          										goto L31;
                          									}
                          									_t385 = _v12;
                          									goto L18;
                          								}
                          							}
                          							_t385 = 0;
                          							_v12 = 0;
                          							goto L26;
                          						}
                          					}
                          					_t419 = _t404 - 1;
                          					if(_t419 == 0) {
                          						L15:
                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                          						_t425 =  &(_t425[1]);
                          						goto L16;
                          					}
                          					_t420 = _t419 - 1;
                          					if(_t420 == 0) {
                          						L14:
                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                          						_t425 =  &(_t425[1]);
                          						goto L15;
                          					}
                          					_t421 = _t420 - 1;
                          					if(_t421 == 0) {
                          						L13:
                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                          						_t425 =  &(_t425[1]);
                          						goto L14;
                          					}
                          					_t422 = _t421 - 1;
                          					if(_t422 == 0) {
                          						L12:
                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                          						_t425 =  &(_t425[1]);
                          						goto L13;
                          					}
                          					_t423 = _t422 - 1;
                          					if(_t423 == 0) {
                          						L11:
                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                          						_t425 =  &(_t425[1]);
                          						goto L12;
                          					}
                          					if(_t423 != 1) {
                          						goto L17;
                          					} else {
                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                          						_t425 =  &(_t425[1]);
                          						goto L11;
                          					}
                          				} else {
                          					_t401 = _t403 >> 3;
                          					_t403 = _t403 + _t401 * 0xfffffff8;
                          					do {
                          						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
                          						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
                          						_t288 = _t425[7] & 0x000000ff;
                          						_t425 =  &(_t425[8]);
                          						_t289 = _t310 + _t383 + _t288;
                          						_t401 = _t401 - 1;
                          					} while (_t401 != 0);
                          					goto L3;
                          				}
                          			}


                          APIs
                          Memory Dump Source
                          • Source File: 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp, Offset: 1E370000, based on PE: true
                          • Associated: 00000008.00000002.1734611796.000000001E48B000.00000040.00000001.sdmp
                          • Associated: 00000008.00000002.1734624155.000000001E48F000.00000040.00000001.sdmp
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          • Opcode ID: 81d58f7bce0de9d69804b6bb83c0a9a5c4433bfc3c3d0430266058ef26028f89
                          • Instruction ID: 0e36f08a7aff52e9fd17831c2b130c7a49393ebe1f54573cd220a27eacf7af8f
                          • Opcode Fuzzy Hash: 81d58f7bce0de9d69804b6bb83c0a9a5c4433bfc3c3d0430266058ef26028f89
                          • Instruction Fuzzy Hash: 7202B472E006568FCB18CFA9C89167EBBF6EF8C200B15466EE456DB380D734EA45CB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 26%
                          			E1E3C645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
                          				signed int _v8;
                          				void* _v36;
                          				intOrPtr _v48;
                          				intOrPtr _v52;
                          				intOrPtr _v56;
                          				char _v60;
                          				char _v64;
                          				intOrPtr _v68;
                          				intOrPtr _v72;
                          				intOrPtr _v76;
                          				intOrPtr _v80;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				intOrPtr _t48;
                          				intOrPtr _t49;
                          				intOrPtr _t50;
                          				intOrPtr* _t52;
                          				char _t56;
                          				void* _t69;
                          				char _t72;
                          				void* _t73;
                          				intOrPtr _t75;
                          				intOrPtr _t79;
                          				void* _t82;
                          				void* _t84;
                          				intOrPtr _t86;
                          				void* _t88;
                          				signed int _t90;
                          				signed int _t92;
                          				signed int _t93;
                          
                          				_t80 = __edx;
                          				_t92 = (_t90 & 0xfffffff8) - 0x4c;
                          				_v8 =  *0x1e48d360 ^ _t92;
                          				_t72 = 0;
                          				_v72 = __edx;
                          				_t82 = __ecx;
                          				_t86 =  *((intOrPtr*)(__edx + 0xc8));
                          				_v68 = _t86;
                          				E1E3DFA60( &_v60, 0, 0x30);
                          				_t48 =  *((intOrPtr*)(_t82 + 0x70));
                          				_t93 = _t92 + 0xc;
                          				_v76 = _t48;
                          				_t49 = _t48;
                          				if(_t49 == 0) {
                          					_push(5);
                          					 *((char*)(_t82 + 0x6a)) = 0;
                          					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
                          					goto L3;
                          				} else {
                          					_t69 = _t49 - 1;
                          					if(_t69 != 0) {
                          						if(_t69 == 1) {
                          							_push(0xa);
                          							goto L3;
                          						} else {
                          							_t56 = 0;
                          						}
                          					} else {
                          						_push(4);
                          						L3:
                          						_pop(_t50);
                          						_v80 = _t50;
                          						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
                          							E1E3B2280(_t50, _t86 + 0x1c);
                          							_t79 = _v72;
                          							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                          							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
                          							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
                          							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
                          							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
                          							E1E3AFFB0(_t72, _t82, _t86 + 0x1c);
                          						}
                          						_t75 = _v80;
                          						_t52 =  *((intOrPtr*)(_v72 + 0x20));
                          						_t80 =  *_t52;
                          						_v72 =  *((intOrPtr*)(_t52 + 4));
                          						_v52 =  *((intOrPtr*)(_t82 + 0x68));
                          						_v60 = 0x30;
                          						_v56 = _t75;
                          						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
                          						asm("movsd");
                          						_v76 = _t80;
                          						_v64 = 0x30;
                          						asm("movsd");
                          						asm("movsd");
                          						asm("movsd");
                          						if(_t80 != 0) {
                          							 *0x1e48b1e0(_t75, _v72,  &_v64,  &_v60);
                          							_t72 = _v76();
                          						}
                          						_t56 = _t72;
                          					}
                          				}
                          				_pop(_t84);
                          				_pop(_t88);
                          				_pop(_t73);
                          				return E1E3DB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
                          			}

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp, Offset: 1E370000, based on PE: true
                          • Associated: 00000008.00000002.1734611796.000000001E48B000.00000040.00000001.sdmp
                          • Associated: 00000008.00000002.1734624155.000000001E48F000.00000040.00000001.sdmp
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: 0$0
                          • API String ID: 3446177414-203156872
                          • Opcode ID: e999946f7ba43dfbd0a37e161094d504fff27ea677379d36123c3e86db631a88
                          • Instruction ID: 333fbcf56147986e062919925e19cea793430cc7eafa9c03a6e8ade64e6b2464
                          • Opcode Fuzzy Hash: e999946f7ba43dfbd0a37e161094d504fff27ea677379d36123c3e86db631a88
                          • Instruction Fuzzy Hash: 82415BB16087469FC300CF28C484A5ABBE5FF89B14F044A6EF989DB341D731EA45CB86
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 53%
                          			E1E42FDDA(intOrPtr* __edx, intOrPtr _a4) {
                          				void* _t7;
                          				intOrPtr _t9;
                          				intOrPtr _t10;
                          				intOrPtr* _t12;
                          				intOrPtr* _t13;
                          				intOrPtr _t14;
                          				intOrPtr* _t15;
                          
                          				_t13 = __edx;
                          				_push(_a4);
                          				_t14 =  *[fs:0x18];
                          				_t15 = _t12;
                          				_t7 = E1E3DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                          				_push(_t13);
                          				E1E425720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                          				_t9 =  *_t15;
                          				if(_t9 == 0xffffffff) {
                          					_t10 = 0;
                          				} else {
                          					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                          				}
                          				_push(_t10);
                          				_push(_t15);
                          				_push( *((intOrPtr*)(_t15 + 0xc)));
                          				_push( *((intOrPtr*)(_t14 + 0x24)));
                          				return E1E425720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                          			}

                          APIs
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1E42FDFA
                          Strings
                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 1E42FE2B
                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 1E42FE01
                          Memory Dump Source
                          • Source File: 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp, Offset: 1E370000, based on PE: true
                          • Associated: 00000008.00000002.1734611796.000000001E48B000.00000040.00000001.sdmp
                          • Associated: 00000008.00000002.1734624155.000000001E48F000.00000040.00000001.sdmp
                          Similarity
                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                          • API String ID: 885266447-3903918235
                          • Opcode ID: 4e5b656b11d07d670e92d29ad71721cbf6a823379e337a096f8f9d08067d6850
                          • Instruction ID: 84d2bfc16738eee7f36048a7a2a4e7a438eb33754d95abafe92fb0dbd440d925
                          • Opcode Fuzzy Hash: 4e5b656b11d07d670e92d29ad71721cbf6a823379e337a096f8f9d08067d6850
                          • Instruction Fuzzy Hash: 7DF0F676500142BFDB210A45EC01F73BB6AEB84730F550325F628562D1DA62FC7096F1
                          Uniqueness

                          Uniqueness Score: -1.00%