Windows Analysis Report gLO4rDsniT

Overview

General Information

Sample Name: gLO4rDsniT (renamed file extension from none to exe)
Analysis ID: 483687
MD5: ebcd5648eab5a3214ec61d4bed956a36
SHA1: b2a43a1489ce76373df3ba5e4ba54172a6cc92f4
SHA256: bef7f97dcb40fd71e9a9fca6f43389749245f17e7a3092219d20217b8ad8e36a
Tags: 32, exe, trojan

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Writes to foreign memory regions
Machine Learning detection for sample
Injects a PE file into a foreign processes
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • gLO4rDsniT.exe (PID: 6308 cmdline: 'C:\Users\user\Desktop\gLO4rDsniT.exe' MD5: EBCD5648EAB5A3214EC61D4BED956A36)
    • powershell.exe (PID: 6740 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Start-Sleep -s 20 MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • gLO4rDsniT.exe (PID: 3880 cmdline: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe MD5: EBCD5648EAB5A3214EC61D4BED956A36)
      • explorer.exe (PID: 3472 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.inboundtechnology.net/b9qq/"], "decoy": ["tmalborz.com", "jiutianbath.com", "yazdir.info", "budget.sucks", "harman-enterprises.com", "kedaidaging.com", "exiteight.com", "urpropertymanager.com", "tomorrowsrider.com", "otlpro.com", "shopfunda.com", "xinhaojc1998.com", "fyqyzs.com", "legal-plaza.net", "bonmarchefr.net", "3bestrehab.com", "riyadhalnarjes.com", "bharateeyaswasrayadarshan.com", "inchingforhelp.com", "lojongdev.com", "jonathanbrowndrums.com", "rongnhonhatban.online", "gelora.site", "shirleyswigsinc.com", "pepsi-vm.com", "lovabubble.com", "wwwburlingtontownshipcourts.com", "findousd.com", "santavitrine.com", "sabaidiver.com", "actionclassiccars.com", "comdevfund.info", "geomasala.com", "leviathanpursuits.net", "fenrirnoise.com", "planeadvisory.com", "goehub.com", "greyriverstay.com", "monikalupaczewska.com", "yournorwegiancourse.com", "xn--hgbque4i.com", "topdex.info", "canvasgoogle.com", "leal-am.com", "peach-dev.finance", "us-phoneprotection.com", "nek.cool", "oraclenailstucson.com", "bloortoqueen.com", "hfhscn.com", "grooveautohacking.com", "getallentownpets.com", "storiesofablonde.com", "assistance-habitation.com", "aandzauto.services", "eating4mentalhealth.com", "getcareerpower.com", "hayokapan.com", "georgestuff.com", "manage-autpypl-account.com", "cjbwxs.com", "goodgly.com", "toptoffee.com", "salonefestival.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author
      24.2.gLO4rDsniT.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      24.2.gLO4rDsniT.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      24.2.gLO4rDsniT.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      24.2.gLO4rDsniT.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      24.2.gLO4rDsniT.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          System Summary:

          Sigma detected: Non Interactive PowerShell
          Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Start-Sleep -s 20, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Start-Sleep -s 20, CommandLine|base64offset|contains: Jy, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Users\user\Desktop\gLO4rDsniT.exe' , ParentImage: C:\Users\user\Desktop\gLO4rDsniT.exe, ParentProcessId: 6308, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Start-Sleep -s 20, ProcessId: 6740
          Sigma detected: T1086 PowerShell Execution
          Source: Pipe created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: PipeName: \PSHost.132762045907911739.6740.DefaultAppDomain.powershell

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for submitted file
          Source: gLO4rDsniT.exe, Virustotal: Detection: 32%
          Source: gLO4rDsniT.exe, ReversingLabs: Detection: 40%
          Yara detected FormBook
          Source: Yara match, File source: 24.2.gLO4rDsniT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 24.2.gLO4rDsniT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.466649182.0000000003B59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000019.00000000.493656809.0000000006740000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000019.00000002.529006238.0000000006740000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.467041262.0000000003C49000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.466807357.0000000003BB4000.00000004.00000001.sdmp, type: MEMORY
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe, Virustotal: Detection: 32%
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe, ReversingLabs: Detection: 40%
          Machine Learning detection for sample
          Source: gLO4rDsniT.exe, Joe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe, Joe Sandbox ML: detected
          Source: 24.2.gLO4rDsniT.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: gLO4rDsniT.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: gLO4rDsniT.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: gLO4rDsniT.exe, 00000018.00000002.544829153.00000000014EF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: gLO4rDsniT.exe
          Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdb source: gLO4rDsniT.exe
          Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdbSHA256/ source: gLO4rDsniT.exe

          Networking:

          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.inboundtechnology.net/b9qq/

          E-Banking Fraud:

          Yara detected FormBook

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 24.2.gLO4rDsniT.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 24.2.gLO4rDsniT.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 24.2.gLO4rDsniT.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 24.2.gLO4rDsniT.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.466649182.0000000003B59000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.466649182.0000000003B59000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000019.00000000.493656809.0000000006740000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000019.00000000.493656809.0000000006740000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000019.00000002.529006238.0000000006740000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000019.00000002.529006238.0000000006740000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.467041262.0000000003C49000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.467041262.0000000003C49000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.466807357.0000000003BB4000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.466807357.0000000003BB4000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 24.2.gLO4rDsniT.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 24.2.gLO4rDsniT.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 24.2.gLO4rDsniT.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 24.2.gLO4rDsniT.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.466649182.0000000003B59000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.466649182.0000000003B59000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000019.00000000.493656809.0000000006740000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000019.00000000.493656809.0000000006740000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000019.00000002.529006238.0000000006740000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000019.00000002.529006238.0000000006740000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.467041262.0000000003C49000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.467041262.0000000003C49000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.466807357.0000000003BB4000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.466807357.0000000003BB4000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: String function: 01485720 appears 65 times
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: String function: 0144D08C appears 41 times
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: String function: 013FB150 appears 154 times
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_004181C0 NtCreateFile,24_2_004181C0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_00418270 NtReadFile,24_2_00418270
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_004182F0 NtClose,24_2_004182F0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_004183A0 NtAllocateVirtualMemory,24_2_004183A0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_004182EA NtClose,24_2_004182EA
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0041839D NtAllocateVirtualMemory,24_2_0041839D
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439910 NtAdjustPrivilegesToken,LdrInitializeThunk,24_2_01439910
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014399A0 NtCreateSection,LdrInitializeThunk,24_2_014399A0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439860 NtQuerySystemInformation,LdrInitializeThunk,24_2_01439860
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439A50 NtCreateFile,LdrInitializeThunk,24_2_01439A50
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439A00 NtProtectVirtualMemory,LdrInitializeThunk,24_2_01439A00
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014395D0 NtClose,LdrInitializeThunk,24_2_014395D0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439710 NtQueryInformationToken,LdrInitializeThunk,24_2_01439710
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439FE0 NtCreateMutant,LdrInitializeThunk,24_2_01439FE0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439780 NtMapViewOfSection,LdrInitializeThunk,24_2_01439780
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439660 NtAllocateVirtualMemory,LdrInitializeThunk,24_2_01439660
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014396E0 NtFreeVirtualMemory,LdrInitializeThunk,24_2_014396E0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439950 NtQueueApcThread,24_2_01439950
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014399D0 NtCreateProcessEx,24_2_014399D0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0143B040 NtSuspendThread,24_2_0143B040
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439840 NtDelayExecution,24_2_01439840
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439820 NtEnumerateKey,24_2_01439820
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014398F0 NtReadVirtualMemory,24_2_014398F0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014398A0 NtWriteVirtualMemory,24_2_014398A0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439B00 NtSetValueKey,24_2_01439B00
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0143A3B0 NtGetContextThread,24_2_0143A3B0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439A10 NtQuerySection,24_2_01439A10
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439A20 NtResumeThread,24_2_01439A20
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439A80 NtOpenDirectoryObject,24_2_01439A80
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439540 NtReadFile,24_2_01439540
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439560 NtWriteFile,24_2_01439560
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439520 NtWaitForSingleObject,24_2_01439520
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0143AD30 NtSetContextThread,24_2_0143AD30
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014395F0 NtQueryInformationFile,24_2_014395F0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439760 NtOpenProcess,24_2_01439760
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0143A770 NtOpenThread,24_2_0143A770
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439770 NtSetInformationFile,24_2_01439770
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0143A710 NtOpenProcessToken,24_2_0143A710
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439730 NtQueryVirtualMemory,24_2_01439730
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014397A0 NtUnmapViewOfSection,24_2_014397A0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439650 NtQueryValueKey,24_2_01439650
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439670 NtQueryInformationProcess,24_2_01439670
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01439610 NtEnumerateValueKey,24_2_01439610
          Source: gLO4rDsniT.exeBinary or memory string: OriginalFilename vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exe, 00000001.00000002.464892605.0000000001030000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameEldvvwydeqtuviuraf.dllF vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exe, 00000001.00000002.463955476.0000000000CA0000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameVxddsbqhvdmitgr.dll" vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exe, 00000001.00000000.238967806.00000000006F2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exe, 00000001.00000000.238967806.00000000006F2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameBEB.exe0 vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exe, 00000001.00000002.466492327.0000000002C92000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameclrjit.dllT vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exe, 00000018.00000002.544829153.00000000014EF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exe, 00000018.00000002.543650246.0000000000962000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exe, 00000018.00000002.543650246.0000000000962000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameBEB.exe0 vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exeBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exeBinary or memory string: OriginalFilenameBEB.exe0 vs gLO4rDsniT.exe
          Source: gLO4rDsniT.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: gLO4rDsniT.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: gLO4rDsniT.exe, Virustotal: Detection: 32%
          Source: gLO4rDsniT.exe, ReversingLabs: Detection: 40%
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeFile read: C:\Users\user\Desktop\gLO4rDsniT.exeJump to behavior
          Source: gLO4rDsniT.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknown, Process created: C:\Users\user\Desktop\gLO4rDsniT.exe 'C:\Users\user\Desktop\gLO4rDsniT.exe'
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Start-Sleep -s 20
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe, Process created: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gLO4rDsniT.exe.logJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeFile created: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@6/8@0/0
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6748:120:WilError_01
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: gLO4rDsniT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: gLO4rDsniT.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: gLO4rDsniT.exe, 00000018.00000002.544829153.00000000014EF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: gLO4rDsniT.exe
          Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdb source: gLO4rDsniT.exe
          Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdbSHA256/ source: gLO4rDsniT.exe
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeCode function: 1_2_07027177 push edi; ret 1_2_07027179
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_04D8326F push dword ptr [esp+ecx*2-75h]; ret 6_2_04D83273
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0041612D push esp; ret 24_2_0041612E
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0040F371 push cs; retf 24_2_0040F377
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0041B3B5 push eax; ret 24_2_0041B408
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0041B46C push eax; ret 24_2_0041B472
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0041B402 push eax; ret 24_2_0041B408
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0041B40B push eax; ret 24_2_0041B472
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_00419C9C push eax; iretd 24_2_00419C9D
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0144D0D1 push ecx; ret 24_2_0144D0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.11687874343
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeFile created: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeJump to dropped file
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe RDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe TID: 6312 Thread sleep time: -34000s >= -30000s
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe TID: 6392 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5432 Thread sleep time: -1844674407370954s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6884 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe Code function: 24_2_004088B0 rdtsc 24_2_004088B0
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2312
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2041
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Process information queried: ProcessInformation
          Source: powershell.exe, 00000006.00000002.372800204.0000000005294000.00000004.00000001.sdmp Binary or memory string: Hyper-V
          Source: explorer.exe, 00000019.00000000.478669261.000000000891C000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000019.00000000.478669261.000000000891C000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000019.00000000.469435502.00000000011B3000.00000004.00000020.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: explorer.exe, 00000019.00000000.497503166.00000000089B5000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 00000019.00000000.472332532.00000000053D7000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 00000019.00000000.497503166.00000000089B5000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: powershell.exe, 00000006.00000002.371771340.0000000004F92000.00000004.00000001.sdmp Binary or memory string: l:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe Process token adjusted: Debug
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01423B7A mov eax, dword ptr fs:[00000030h]24_2_01423B7A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A309 mov eax, dword ptr fs:[00000030h]24_2_0141A309
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B131B mov eax, dword ptr fs:[00000030h]24_2_014B131B
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013FDB60 mov ecx, dword ptr fs:[00000030h]24_2_013FDB60
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013FF358 mov eax, dword ptr fs:[00000030h]24_2_013FF358
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013FDB40 mov eax, dword ptr fs:[00000030h]24_2_013FDB40
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014253C5 mov eax, dword ptr fs:[00000030h]24_2_014253C5
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014753CA mov eax, dword ptr fs:[00000030h]24_2_014753CA
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014753CA mov eax, dword ptr fs:[00000030h]24_2_014753CA
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014203E2 mov eax, dword ptr fs:[00000030h]24_2_014203E2
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014203E2 mov eax, dword ptr fs:[00000030h]24_2_014203E2
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014203E2 mov eax, dword ptr fs:[00000030h]24_2_014203E2
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014203E2 mov eax, dword ptr fs:[00000030h]24_2_014203E2
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014203E2 mov eax, dword ptr fs:[00000030h]24_2_014203E2
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014203E2 mov eax, dword ptr fs:[00000030h]24_2_014203E2
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141DBE9 mov eax, dword ptr fs:[00000030h]24_2_0141DBE9
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014A23E3 mov ecx, dword ptr fs:[00000030h]24_2_014A23E3
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014A23E3 mov ecx, dword ptr fs:[00000030h]24_2_014A23E3
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014A23E3 mov eax, dword ptr fs:[00000030h]24_2_014A23E3
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F4B94 mov edi, dword ptr fs:[00000030h]24_2_013F4B94
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B138A mov eax, dword ptr fs:[00000030h]24_2_014B138A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0149EB8A mov ecx, dword ptr fs:[00000030h]24_2_0149EB8A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0149EB8A mov eax, dword ptr fs:[00000030h]24_2_0149EB8A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0149EB8A mov eax, dword ptr fs:[00000030h]24_2_0149EB8A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0149EB8A mov eax, dword ptr fs:[00000030h]24_2_0149EB8A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142138B mov eax, dword ptr fs:[00000030h]24_2_0142138B
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142138B mov eax, dword ptr fs:[00000030h]24_2_0142138B
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142138B mov eax, dword ptr fs:[00000030h]24_2_0142138B
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014AD380 mov ecx, dword ptr fs:[00000030h]24_2_014AD380
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01401B8F mov eax, dword ptr fs:[00000030h]24_2_01401B8F
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01401B8F mov eax, dword ptr fs:[00000030h]24_2_01401B8F
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142B390 mov eax, dword ptr fs:[00000030h]24_2_0142B390
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01422397 mov eax, dword ptr fs:[00000030h]24_2_01422397
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F1BE9 mov eax, dword ptr fs:[00000030h]24_2_013F1BE9
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141EB9A mov eax, dword ptr fs:[00000030h]24_2_0141EB9A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141EB9A mov eax, dword ptr fs:[00000030h]24_2_0141EB9A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B1BA8 mov eax, dword ptr fs:[00000030h]24_2_014B1BA8
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014C5BA5 mov eax, dword ptr fs:[00000030h]24_2_014C5BA5
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01424BAD mov eax, dword ptr fs:[00000030h]24_2_01424BAD
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01424BAD mov eax, dword ptr fs:[00000030h]24_2_01424BAD
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01424BAD mov eax, dword ptr fs:[00000030h]24_2_01424BAD
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014C9BBE mov eax, dword ptr fs:[00000030h]24_2_014C9BBE
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014C8BB6 mov eax, dword ptr fs:[00000030h]24_2_014C8BB6
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F8239 mov eax, dword ptr fs:[00000030h]24_2_013F8239
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F8239 mov eax, dword ptr fs:[00000030h]24_2_013F8239
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F8239 mov eax, dword ptr fs:[00000030h]24_2_013F8239
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B1A5F mov eax, dword ptr fs:[00000030h]24_2_014B1A5F
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014BEA55 mov eax, dword ptr fs:[00000030h]24_2_014BEA55
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01484257 mov eax, dword ptr fs:[00000030h]24_2_01484257
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F4A20 mov eax, dword ptr fs:[00000030h]24_2_013F4A20
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F4A20 mov eax, dword ptr fs:[00000030h]24_2_013F4A20
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013FAA16 mov eax, dword ptr fs:[00000030h]24_2_013FAA16
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013FAA16 mov eax, dword ptr fs:[00000030h]24_2_013FAA16
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014AB260 mov eax, dword ptr fs:[00000030h]24_2_014AB260
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014AB260 mov eax, dword ptr fs:[00000030h]24_2_014AB260
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01435A69 mov eax, dword ptr fs:[00000030h]24_2_01435A69
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01435A69 mov eax, dword ptr fs:[00000030h]24_2_01435A69
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01435A69 mov eax, dword ptr fs:[00000030h]24_2_01435A69
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014C8A62 mov eax, dword ptr fs:[00000030h]24_2_014C8A62
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F5210 mov eax, dword ptr fs:[00000030h]24_2_013F5210
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F5210 mov ecx, dword ptr fs:[00000030h]24_2_013F5210
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F5210 mov eax, dword ptr fs:[00000030h]24_2_013F5210
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F5210 mov eax, dword ptr fs:[00000030h]24_2_013F5210
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0143927A mov eax, dword ptr fs:[00000030h]24_2_0143927A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01408A0A mov eax, dword ptr fs:[00000030h]24_2_01408A0A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01413A1C mov eax, dword ptr fs:[00000030h]24_2_01413A1C
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014BAA16 mov eax, dword ptr fs:[00000030h]24_2_014BAA16
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014BAA16 mov eax, dword ptr fs:[00000030h]24_2_014BAA16
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B1229 mov eax, dword ptr fs:[00000030h]24_2_014B1229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A229 mov eax, dword ptr fs:[00000030h]24_2_0141A229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A229 mov eax, dword ptr fs:[00000030h]24_2_0141A229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A229 mov eax, dword ptr fs:[00000030h]24_2_0141A229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A229 mov eax, dword ptr fs:[00000030h]24_2_0141A229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A229 mov eax, dword ptr fs:[00000030h]24_2_0141A229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A229 mov eax, dword ptr fs:[00000030h]24_2_0141A229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A229 mov eax, dword ptr fs:[00000030h]24_2_0141A229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A229 mov eax, dword ptr fs:[00000030h]24_2_0141A229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141A229 mov eax, dword ptr fs:[00000030h]24_2_0141A229
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01434A2C mov eax, dword ptr fs:[00000030h]24_2_01434A2C
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01434A2C mov eax, dword ptr fs:[00000030h]24_2_01434A2C
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141B236 mov eax, dword ptr fs:[00000030h]24_2_0141B236
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141B236 mov eax, dword ptr fs:[00000030h]24_2_0141B236
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141B236 mov eax, dword ptr fs:[00000030h]24_2_0141B236
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141B236 mov eax, dword ptr fs:[00000030h]24_2_0141B236
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141B236 mov eax, dword ptr fs:[00000030h]24_2_0141B236
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141B236 mov eax, dword ptr fs:[00000030h]24_2_0141B236
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F9240 mov eax, dword ptr fs:[00000030h]24_2_013F9240
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F9240 mov eax, dword ptr fs:[00000030h]24_2_013F9240
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F9240 mov eax, dword ptr fs:[00000030h]24_2_013F9240
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F9240 mov eax, dword ptr fs:[00000030h]24_2_013F9240
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01422ACB mov eax, dword ptr fs:[00000030h]24_2_01422ACB
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014C8ADD mov eax, dword ptr fs:[00000030h]24_2_014C8ADD
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F52A5 mov eax, dword ptr fs:[00000030h]24_2_013F52A5
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F52A5 mov eax, dword ptr fs:[00000030h]24_2_013F52A5
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F52A5 mov eax, dword ptr fs:[00000030h]24_2_013F52A5
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F52A5 mov eax, dword ptr fs:[00000030h]24_2_013F52A5
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F52A5 mov eax, dword ptr fs:[00000030h]24_2_013F52A5
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F1AA0 mov eax, dword ptr fs:[00000030h]24_2_013F1AA0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B4AEF mov eax, dword ptr fs:[00000030h]24_2_014B4AEF
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01422AE4 mov eax, dword ptr fs:[00000030h]24_2_01422AE4
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142DA88 mov eax, dword ptr fs:[00000030h]24_2_0142DA88
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142DA88 mov eax, dword ptr fs:[00000030h]24_2_0142DA88
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B129A mov eax, dword ptr fs:[00000030h]24_2_014B129A
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142D294 mov eax, dword ptr fs:[00000030h]24_2_0142D294
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142D294 mov eax, dword ptr fs:[00000030h]24_2_0142D294
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01425AA0 mov eax, dword ptr fs:[00000030h]24_2_01425AA0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01425AA0 mov eax, dword ptr fs:[00000030h]24_2_01425AA0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F12D4 mov eax, dword ptr fs:[00000030h]24_2_013F12D4
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0140AAB0 mov eax, dword ptr fs:[00000030h]24_2_0140AAB0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0140AAB0 mov eax, dword ptr fs:[00000030h]24_2_0140AAB0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142FAB0 mov eax, dword ptr fs:[00000030h]24_2_0142FAB0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F3ACA mov eax, dword ptr fs:[00000030h]24_2_013F3ACA
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014212BD mov esi, dword ptr fs:[00000030h]24_2_014212BD
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014212BD mov eax, dword ptr fs:[00000030h]24_2_014212BD
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014212BD mov eax, dword ptr fs:[00000030h]24_2_014212BD
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F5AC0 mov eax, dword ptr fs:[00000030h]24_2_013F5AC0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F5AC0 mov eax, dword ptr fs:[00000030h]24_2_013F5AC0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F5AC0 mov eax, dword ptr fs:[00000030h]24_2_013F5AC0
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01433D43 mov eax, dword ptr fs:[00000030h]24_2_01433D43
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01473540 mov eax, dword ptr fs:[00000030h]24_2_01473540
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014A3D40 mov eax, dword ptr fs:[00000030h]24_2_014A3D40
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014A8D47 mov eax, dword ptr fs:[00000030h]24_2_014A8D47
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013FAD30 mov eax, dword ptr fs:[00000030h]24_2_013FAD30
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01417D50 mov eax, dword ptr fs:[00000030h]24_2_01417D50
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01434D51 mov eax, dword ptr fs:[00000030h]24_2_01434D51
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01434D51 mov eax, dword ptr fs:[00000030h]24_2_01434D51
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141C577 mov eax, dword ptr fs:[00000030h]24_2_0141C577
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0141C577 mov eax, dword ptr fs:[00000030h]24_2_0141C577
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01418D76 mov eax, dword ptr fs:[00000030h]24_2_01418D76
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01418D76 mov eax, dword ptr fs:[00000030h]24_2_01418D76
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01418D76 mov eax, dword ptr fs:[00000030h]24_2_01418D76
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01418D76 mov eax, dword ptr fs:[00000030h]24_2_01418D76
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01418D76 mov eax, dword ptr fs:[00000030h]24_2_01418D76
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B3518 mov eax, dword ptr fs:[00000030h]24_2_014B3518
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B3518 mov eax, dword ptr fs:[00000030h]24_2_014B3518
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014B3518 mov eax, dword ptr fs:[00000030h]24_2_014B3518
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142F527 mov eax, dword ptr fs:[00000030h]24_2_0142F527
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142F527 mov eax, dword ptr fs:[00000030h]24_2_0142F527
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0142F527 mov eax, dword ptr fs:[00000030h]24_2_0142F527
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_0147A537 mov eax, dword ptr fs:[00000030h]24_2_0147A537
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014BE539 mov eax, dword ptr fs:[00000030h]24_2_014BE539
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F354C mov eax, dword ptr fs:[00000030h]24_2_013F354C
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_013F354C mov eax, dword ptr fs:[00000030h]24_2_013F354C
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01403D34 mov eax, dword ptr fs:[00000030h]24_2_01403D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_014C8D34 mov eax, dword ptr fs:[00000030h]24_2_014C8D34
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01424D3B mov eax, dword ptr fs:[00000030h]24_2_01424D3B
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01424D3B mov eax, dword ptr fs:[00000030h]24_2_01424D3B
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01424D3B mov eax, dword ptr fs:[00000030h]24_2_01424D3B
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01476DC9 mov eax, dword ptr fs:[00000030h]24_2_01476DC9
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01476DC9 mov eax, dword ptr fs:[00000030h]24_2_01476DC9
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01476DC9 mov eax, dword ptr fs:[00000030h]24_2_01476DC9
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exeCode function: 24_2_01476DC9 mov ecx, dword ptr fs:[00000030h]24_2_01476DC9
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe Process queried: DebugPort
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe Code function: 24_2_00409B20 LdrLoadDll
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Memory written: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe base: 400000
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Memory written: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe base: 401000
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Memory written: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe base: C22008
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Memory written: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe base: 400000 value starts with: 4D5A
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe Thread register set: target process: 3472
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Start-Sleep -s 20
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Process created: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe
          Source: explorer.exe, 00000019.00000000.478793677.00000000089FF000.00000004.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000019.00000002.514938411.0000000001640000.00000002.00020000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000019.00000002.514938411.0000000001640000.00000002.00020000.sdmp Binary or memory string: SProgram Managerl
          Source: explorer.exe, 00000019.00000000.469199654.0000000001128000.00000004.00000020.sdmp Binary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000019.00000002.514938411.0000000001640000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000019.00000002.514938411.0000000001640000.00000002.00020000.sdmp Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Queries volume information: C:\Users\user\Desktop\gLO4rDsniT.exe VolumeInformation
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gLO4rDsniT.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match, File source: 24.2.gLO4rDsniT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 24.2.gLO4rDsniT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.466649182.0000000003B59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000019.00000000.493656809.0000000006740000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000019.00000002.529006238.0000000006740000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.467041262.0000000003C49000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.466807357.0000000003BB4000.00000004.00000001.sdmp, type: MEMORY

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 412 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 412 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | System Information Discovery 112 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 2 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          gLO4rDsniT.exe | 32% | Virustotal |
          gLO4rDsniT.exe | 41% | ReversingLabs | ByteCode-MSIL.Trojan.Bulz
          gLO4rDsniT.exe | 100% | Joe Sandbox ML |

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe | 100% | Joe Sandbox ML |
          C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe | 32% | Virustotal |
          C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe | 41% | ReversingLabs | ByteCode-MSIL.Trojan.Bulz

          Unpacked PE Files

          Source | Detection | Scanner | Label
          24.2.gLO4rDsniT.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
          http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe
          https://go.micro | 0% | URL Reputation | safe
          https://contoso.com/License | 0% | URL Reputation | safe
          https://contoso.com/Icon | 0% | URL Reputation | safe
          http://www.tiro.com | 0% | URL Reputation | safe
          http://www.goodfont.co.kr | 0% | URL Reputation | safe
          http://james.newtonking.com/projects/json | 0% | URL Reputation | safe
          http://www.carterandcone.coml | 0% | URL Reputation | safe
          http://www.sajatypeworks.com | 0% | URL Reputation | safe
          http://www.typography.netD | 0% | URL Reputation | safe
          http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
          http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
          http://fontfabrik.com | 0% | URL Reputation | safe
          http://www.founder.com.cn/cn | 0% | URL Reputation | safe
          www.inboundtechnology.net/b9qq/ | 0% | Avira URL Cloud | safe
          http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
          https://contoso.com/ | 0% | URL Reputation | safe
          http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
          http://www.sandoll.co.kr | 0% | URL Reputation | safe
          http://www.urwpp.deDPlease | 0% | URL Reputation | safe
          http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
          http://www.sakkal.com | 0% | URL Reputation | safe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          www.inboundtechnology.net/b9qq/ | true | Avira URL Cloud: safe | low

          URLs from Memory and Binaries


                                              Contacted IPs

                                              No contacted IP infos

                                              General Information

                                              Joe Sandbox Version:33.0.0 White Diamond
                                              Analysis ID:483687
                                              Start date:15.09.2021
                                              Start time:11:35:23
                                              Joe Sandbox Product:CloudBasic
                                              Overall analysis duration:0h 11m 48s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Sample file name:gLO4rDsniT (renamed file extension from none to exe)
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                              Number of analysed new started processes analysed:25
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • HDC enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal100.troj.evad.winEXE@6/8@0/0
                                              EGA Information:Failed
                                              HDC Information:
                                              • Successful, ratio: 3.7% (good quality ratio 3.6%)
                                              • Quality average: 80.3%
                                              • Quality standard deviation: 26.1%
                                              HCA Information:
                                              • Successful, ratio: 89%
                                              • Number of executed functions: 77
                                              • Number of non-executed functions: 225
                                              Cookbook Comments:
                                              • Adjust boot time
                                              • Enable AMSI
                                              Warnings:
                                              Show All
                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                              • Not all processes were analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                              Simulations

                                              Behavior and APIs

                                              Time | Type | Description
                                              11:36:51 | API Interceptor | 29x Sleep call for process: powershell.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              No context

                                              Domains

                                              No context

                                              ASN

                                              No context

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gLO4rDsniT.exe.log
                                              Process:C:\Users\user\Desktop\gLO4rDsniT.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:modified
                                              Size (bytes):1119
                                              Entropy (8bit):5.356708753875314
                                              Encrypted:false
                                              SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzd
                                              MD5:3197B1D4714B56F2A6AC9E83761739AE
                                              SHA1:3B38010F0DF51C1D4D2C020138202DABB686741D
                                              SHA-256:40586572180B85042FEFED9F367B43831C5D269751D9F3940BBC29B41E18E9F6
                                              SHA-512:58EC975A53AD9B19B425F6C6843A94CC280F794D436BBF3D29D8B76CA1E8C2D8883B3E754F9D4F2C9E9387FE88825CCD9919369A5446B1AFF73EDBE07FA94D88
                                              Malicious:true
                                              Reputation:moderate, very likely benign file
                                              Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):5829
                                              Entropy (8bit):4.8968676994158
                                              Encrypted:false
                                              SSDEEP:96:WCJ2Woe5o2k6Lm5emmXIGvgyg12jDs+un/iQLEYFjDaeWJ6KGcmXx9smyFRLcU6f:5xoe5oVsm5emd0gkjDt4iWN3yBGHh9s6
                                              MD5:36DE9155D6C265A1DE62A448F3B5B66E
                                              SHA1:02D21946CBDD01860A0DE38D7EEC6CDE3A964FC3
                                              SHA-256:8BA38D55AA8F1E4F959E7223FDF653ABB9BE5B8B5DE9D116604E1ABB371C1C87
                                              SHA-512:C734ADE161FB89472B1DF9B9F062F4A53E7010D3FF99EDC0BD564540A56BC35743625C50A00635C31D165A74DCDBB330FFB878C5919D7B267F6F33D2AAB328E7
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview: PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........<.e...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):17216
                                              Entropy (8bit):5.282642528769125
                                              Encrypted:false
                                              SSDEEP:384:3t9/p718YkTnTnArc0/I1rpdmRNkxOAFaF:1HaAw0AN3xc
                                              MD5:DEC1CE107BF9A1348958A864D173BC63
                                              SHA1:F5EFAD01E6074887E7237ABDEA0AC0193D11370C
                                              SHA-256:395FBB79E6D4032BF5E166A1215E89985158E92BF598A3CBC2FED792ED8F1A6A
                                              SHA-512:27E443924658B6F1D9AA9368DAEB588159CA1F0E68015AFE6D190E4155FC25655D68394977211A95CDE09C13668E0AA7710909BAF6352C99C73AE8C11925F467
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fwacnx5e.wgs.psm1
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:U:U
                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                              Malicious:false
                                              Preview: 1
                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lmgobnyv.q3r.ps1
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:U:U
                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                              Malicious:false
                                              Preview: 1
                                              C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe
                                              Process:C:\Users\user\Desktop\gLO4rDsniT.exe
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):827904
                                              Entropy (8bit):7.113226060715182
                                              Encrypted:false
                                              SSDEEP:12288:t/gecNU2zqX6lUB2AkegSpxGrsM+qFeWRs:yDNgWUB2AkegSp0hZRs
                                              MD5:EBCD5648EAB5A3214EC61D4BED956A36
                                              SHA1:B2A43A1489CE76373DF3BA5E4BA54172A6CC92F4
                                              SHA-256:BEF7F97DCB40FD71E9A9FCA6F43389749245F17E7A3092219D20217B8AD8E36A
                                              SHA-512:9FB5A58AEF41AC0B54916742DEF94A2C8CEE88DA3C7D550CE01B667285FDF21A00EB8266A8288E52A652E82A2C40B845AF0A237538AE5B74DE0F6D41F46BAB6E
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: Virustotal, Detection: 32%, Browse
                                              • Antivirus: ReversingLabs, Detection: 41%
                                              C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe:Zone.Identifier
                                              Process:C:\Users\user\Desktop\gLO4rDsniT.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):26
                                              Entropy (8bit):3.95006375643621
                                              Encrypted:false
                                              SSDEEP:3:ggPYV:rPYV
                                              MD5:187F488E27DB4AF347237FE461A079AD
                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                              Malicious:true
                                              Preview: [ZoneTransfer]....ZoneId=0
                                              C:\Users\user\Documents\20210915\PowerShell_transcript.841618.Y+XpuZo3.20210915113633.txt
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):941
                                              Entropy (8bit):5.0117760090308785
                                              Encrypted:false
                                              SSDEEP:24:BxSASDvBB8x2DOXUWM1W4yHjeTKKjX4CIym1ZJXzxOnxSAZ83:BZqv/8oOZRqDYB1ZpxgZZ83
                                              MD5:FF931FCCE8FDC4A6F721FFE72FF853C8
                                              SHA1:D616C4CBEC7C8B55BF38EA18447B1173019A1637
                                              SHA-256:077C0652C040C77E5E578A791540C6AF2B02E48F3500580EFB770C10B41F9560
                                              SHA-512:8B317B831F7C3E03F53E5DE162EC00DD4E59D244F9D76C1FD213C17807DDC303943C113FA328379B64292CD2103DD02F65EF47A2F4E044C3F1942B8BE1E44AE2
                                              Malicious:false
                                              Preview: .**********************..Windows PowerShell transcript start..Start time: 20210915113647..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 841618 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Start-Sleep -s 20..Process ID: 6740..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210915113647..**********************..PS>Start-Sleep -s 20..**********************..Command start time: 20210915114051..**********************..PS>$global:?..True..**********************..Windows PowerShell transcript end..End time: 20210915114052..**********************..

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):7.113226060715182
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              • DOS Executable Generic (2002/1) 0.01%
                                              File name:gLO4rDsniT.exe
                                              File size:827904
                                              MD5:ebcd5648eab5a3214ec61d4bed956a36
                                              SHA1:b2a43a1489ce76373df3ba5e4ba54172a6cc92f4
                                              SHA256:bef7f97dcb40fd71e9a9fca6f43389749245f17e7a3092219d20217b8ad8e36a
                                              SHA512:9fb5a58aef41ac0b54916742def94a2c8cee88da3c7d550ce01b667285fdf21a00eb8266a8288e52a652e82a2c40b845af0a237538ae5b74de0f6d41f46bab6e
                                              SSDEEP:12288:t/gecNU2zqX6lUB2AkegSpxGrsM+qFeWRs:yDNgWUB2AkegSp0hZRs

                                              File Icon

                                              Icon Hash:d0d4d2dadadadae4

                                              Static PE Info

                                              General

                                              Entrypoint:0x4c9fae
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                              Time Stamp:0x61403D6E [Tue Sep 14 06:13:02 2021 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:v4.0.30319
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                              Entrypoint Preview

                                              Instruction
                                              jmp dword ptr [00402000h]

                                              Data Directories

                                              Name | Virtual Address | Virtual Size | Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc9f54 | 0x57 | .text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xca000 | 0x1c50 | .rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xcc000 | 0xc | .reloc
                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                              Sections

                                              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                              .text | 0x2000 | 0xc7fb4 | 0xc8000 | False | 0.638974609375 | data | 7.11687874343 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                              .rsrc | 0xca000 | 0x1c50 | 0x1e00 | False | 0.450130208333 | data | 5.85410682241 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .reloc | 0xcc000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                              Resources

                                              Name | RVA | Size | Type | Language | Country
                                              RT_ICON | 0xca160 | 0x468 | GLS_BINARY_LSB_FIRST | |
                                              RT_ICON | 0xca5c8 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 100663296, next used block 100663296 | |
                                              RT_GROUP_ICON | 0xcb670 | 0x22 | data | |
                                              RT_VERSION | 0xcb694 | 0x408 | data | |
                                              RT_MANIFEST | 0xcba9c | 0x1b4 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | |

                                              Imports

                                              DLL | Import
                                              mscoree.dll | _CorExeMain

                                              Version Infos

                                              Description | Data
                                              Translation | 0x0000 0x04b0
                                              LegalCopyright | Firefox and Mozilla Developers; available under the MPL 2 license.
                                              Assembly Version | 91.0.1.7898
                                              InternalName | BEB.exe
                                              FileVersion | 91.0.1.7898
                                              CompanyName | Mozilla Corporation
                                              LegalTrademarks | Firefox is a Trademark of The Mozilla Foundation.
                                              Comments | Firefox
                                              ProductName | Firefox
                                              ProductVersion | 91.0.1.7898
                                              FileDescription | Firefox
                                              OriginalFilename | BEB.exe

                                              Network Behavior

                                              No network behavior found

                                              Code Manipulations

                                              System Behavior

                                              General

                                              Start time: 11:36:19
                                              Start date: 15/09/2021
                                              Path: C:\Users\user\Desktop\gLO4rDsniT.exe
                                              Wow64 process (32bit): true
                                              Commandline: 'C:\Users\user\Desktop\gLO4rDsniT.exe'
                                              Imagebase: 0x6f0000
                                              File size: 827904 bytes
                                              MD5 hash: EBCD5648EAB5A3214EC61D4BED956A36
                                              Has elevated privileges: true
                                              Has administrator privileges: true
                                              Programmed in: .Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.466649182.0000000003B59000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.466649182.0000000003B59000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.466649182.0000000003B59000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.467041262.0000000003C49000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.467041262.0000000003C49000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.467041262.0000000003C49000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.466807357.0000000003BB4000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.466807357.0000000003BB4000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.466807357.0000000003BB4000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation: low

                                              General

                                              Start time: 11:36:30
                                              Start date: 15/09/2021
                                              Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit): true
                                              Commandline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Start-Sleep -s 20
                                              Imagebase: 0x1280000
                                              File size: 430592 bytes
                                              MD5 hash: DBA3E6449E97D4E3DF64527EF7012A10
                                              Has elevated privileges: true
                                              Has administrator privileges: true
                                              Programmed in: .Net C# or VB.NET
                                              Reputation: high

                                              General

                                              Start time: 11:36:31
                                              Start date: 15/09/2021
                                              Path: C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit): false
                                              Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase: 0x7ff7ecfc0000
                                              File size: 625664 bytes
                                              MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges: true
                                              Has administrator privileges: true
                                              Programmed in: C, C++ or other language
                                              Reputation: high

                                              General

                                              Start time: 11:38:03
                                              Start date: 15/09/2021
                                              Path: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe
                                              Wow64 process (32bit): true
                                              Commandline: C:\Users\user\AppData\Local\Temp\gLO4rDsniT.exe
                                              Imagebase: 0x960000
                                              File size: 827904 bytes
                                              MD5 hash: EBCD5648EAB5A3214EC61D4BED956A36
                                              Has elevated privileges: true
                                              Has administrator privileges: true
                                              Programmed in: C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000018.00000002.545335617.0000000001800000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000018.00000002.545104364.0000000001700000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              • Detection: 32%, Virustotal, Browse
                                              • Detection: 41%, ReversingLabs
                                              Reputation: low

                                              General

                                              Start time: 11:38:06
                                              Start date: 15/09/2021
                                              Path: C:\Windows\explorer.exe
                                              Wow64 process (32bit): false
                                              Commandline: C:\Windows\Explorer.EXE
                                              Imagebase: 0x7ff693d90000
                                              File size: 3933184 bytes
                                              MD5 hash: AD5296B280E8F522A8A897C96BAB0E1D
                                              Has elevated privileges: true
                                              Has administrator privileges: true
                                              Programmed in: C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000019.00000000.493656809.0000000006740000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000019.00000000.493656809.0000000006740000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000019.00000000.493656809.0000000006740000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000019.00000002.529006238.0000000006740000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000019.00000002.529006238.0000000006740000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000019.00000002.529006238.0000000006740000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation: high

                                              Disassembly

                                              Code Analysis

                                                Executed Functions

                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0702BFE6
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • KiUserExceptionDispatcher.NTDLL ref: 0702A5AE
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: DispatcherExceptionUser
                                                • String ID:
                                                • API String ID: 6842923-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • K32GetModuleBaseNameA.KERNEL32(?,?,?,?), ref: 0702DEC1
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: BaseModuleName
                                                • String ID:
                                                • API String ID: 595626670-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CopyFileW.KERNELBASE(00000004,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,0702AD8A,00000000), ref: 0702AF81
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: CopyFile
                                                • String ID:
                                                • API String ID: 1304948518-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0702BC98
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetThreadContext.KERNELBASE(?,00000000), ref: 0702BAEE
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: ContextThread
                                                • String ID:
                                                • API String ID: 1591575202-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • EnumChildWindows.USER32(?,00000000,?,?,?,?,?,?,00000000,?,0702E118,00000000), ref: 0702E200
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: ChildEnumWindows
                                                • String ID:
                                                • API String ID: 3555792229-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • K32EnumProcesses.KERNEL32(00000000,?,?), ref: 0702DA13
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: EnumProcesses
                                                • String ID:
                                                • API String ID: 84517404-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • K32EnumProcessModules.KERNEL32(?,?,?,?), ref: 0702DD6B
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: EnumModulesProcess
                                                • String ID:
                                                • API String ID: 1082081703-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0702BBB6
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0702E84D
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.468743855.0000000007020000.00000040.00000001.sdmp, Offset: 07020000, based on PE: false
                                                Similarity
                                                • API ID: MessagePost
                                                • String ID:
                                                • API String ID: 410705778-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Executed Functions

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: @ \l
                                                • API String ID: 0-3491233514
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b4e4e6173a525991b7f35ec3888dec7bdcb80df48a83590df361709f044b9938
                                                • Instruction ID: c9d68ee0aaaffe50a983ff8940af8e901e8f428553936efa2690c32bc724829c
                                                • Opcode Fuzzy Hash: b4e4e6173a525991b7f35ec3888dec7bdcb80df48a83590df361709f044b9938
                                                • Instruction Fuzzy Hash: 49029A34A00218DFDB14DF64C844BAEBBB2BF49315F1085A9E8499B3A0DB35ED95CF60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 41fefedef27cb8022e7debfac5a2907413430fb4b12028b21260d43ab6a69974
                                                • Instruction ID: 086c3850758862b710646db423b3a62b1bc2b4a20d0a3dd15ed7007052e8cf3b
                                                • Opcode Fuzzy Hash: 41fefedef27cb8022e7debfac5a2907413430fb4b12028b21260d43ab6a69974
                                                • Instruction Fuzzy Hash: 5DE1C130B002448FDB25EFB5C8546AEBBF6EF84318F14886DD8469B385DB75E849CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7e414d16501c70bd252d33fc5c1edf13175c2159bd3e3e07e57df26bc5357ca5
                                                • Instruction ID: 9b52bfe0515f34badf401c69b1de90a1e02599229cfc1a62a00074760f0ebc15
                                                • Opcode Fuzzy Hash: 7e414d16501c70bd252d33fc5c1edf13175c2159bd3e3e07e57df26bc5357ca5
                                                • Instruction Fuzzy Hash: 6CA122353003409FC7159BB8D854BAA7BAAEFC5221F14842DD84ACB391DF34DC5787A1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 66cf495a187f84a6c37d3ca2584fa088541711f7443537f2bdfd4dd83709936c
                                                • Instruction ID: 7abd444b968eaa60129f69104b9acf54f4f01a3b10ab9f75928bc0a9b6639e1c
                                                • Opcode Fuzzy Hash: 66cf495a187f84a6c37d3ca2584fa088541711f7443537f2bdfd4dd83709936c
                                                • Instruction Fuzzy Hash: 83B16C70A012089FCB05DFA4D494AEEBBF6FF89314F1484A9D805AB355DB35ED85CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b1fe3146d4d3ff878d453c241c008c2454d0d43b30dc6e09cedbc86b71a164ab
                                                • Instruction ID: b400a5cbf334c56c278bb1dff5ca7a2fbcc21dac0687bc80ef2df79a7db82af1
                                                • Opcode Fuzzy Hash: b1fe3146d4d3ff878d453c241c008c2454d0d43b30dc6e09cedbc86b71a164ab
                                                • Instruction Fuzzy Hash: 7E71CF35A042049FCB14EFA8D854BEEBBB6FF85325F108429E845DB2A0DB359C56CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9e4f3f4ac58afafc3b4217ae5921ee78893dee99321b5a301c46f7c798e4bb1a
                                                • Instruction ID: ce5c1903d93b70eff9078c2458b29406dbb74b55d8b48f2c8032a97365c2b843
                                                • Opcode Fuzzy Hash: 9e4f3f4ac58afafc3b4217ae5921ee78893dee99321b5a301c46f7c798e4bb1a
                                                • Instruction Fuzzy Hash: 6261BF35B002049FCB08DFA8E4949ADBBB2FFC9321B14856DE845AB351DF319C56CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a25b8800b9a750520a2e7551cc6870b1b40d0c43d1b512adc8a644a09bf47667
                                                • Instruction ID: 7c320cdaf13437ba88a32453c849f4d025f25af76e16942400e8e01cc27f1921
                                                • Opcode Fuzzy Hash: a25b8800b9a750520a2e7551cc6870b1b40d0c43d1b512adc8a644a09bf47667
                                                • Instruction Fuzzy Hash: 65611C34B002458FCB45EFB8C580ADEB7F6BF99318B1089A8D445AB361DB71ED458BA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 33808da9de044059bddea31a96ae9e53fc978025433093e92807bf90ebbc403a
                                                • Instruction ID: 13a1b871c77615158d5c0d4b2dfcc771488fb9d2105308302e2bce0e0b0a4152
                                                • Opcode Fuzzy Hash: 33808da9de044059bddea31a96ae9e53fc978025433093e92807bf90ebbc403a
                                                • Instruction Fuzzy Hash: DC517B347106019FDB59EB34C4A4BAA7BE2BF89304F14856DE8469B3A1CB34EC46CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6cebd8f884d1469d9d27d9446740b6d0ef41a39a1fdd77807f6eb220bbd9f225
                                                • Instruction ID: 38aa021a0ea4162bcfbad3a0e723dad903038c2da4250cbd13e149c889b33c34
                                                • Opcode Fuzzy Hash: 6cebd8f884d1469d9d27d9446740b6d0ef41a39a1fdd77807f6eb220bbd9f225
                                                • Instruction Fuzzy Hash: E7611E34B002058FCB45EFB8C580ADEB7F6FF99318B1089A8D455AB361DB71ED458BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52231cf844ce70cfd90c4a012e085cbff20982b84125f778d437a50d5fed884f
                                                • Instruction ID: b2e22c5568664e64477d4f43d486360091f518a04e17558bf1dc01978e557295
                                                • Opcode Fuzzy Hash: 52231cf844ce70cfd90c4a012e085cbff20982b84125f778d437a50d5fed884f
                                                • Instruction Fuzzy Hash: 615105B1900368DFDB20DF95C840BDEBBB5FB49314F1085A9D948A7200DB716A88CF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 307de815ba70d8200d8f70082b6137421f364b9ecc7af29bc8f6929594d606ef
                                                • Instruction ID: 8de5dfe4e6186b05635860b5a071fa61fe1a0d2d616790c0e9cac0b09d01f14b
                                                • Opcode Fuzzy Hash: 307de815ba70d8200d8f70082b6137421f364b9ecc7af29bc8f6929594d606ef
                                                • Instruction Fuzzy Hash: 495105B1900328DFDB20DF95C884BDEBBB5FB49314F1084A9E908A7240DB716E88CF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f047fd05291be4c29170211d3b31305e60ae465e3393c3fa7275e37054de3206
                                                • Instruction ID: 5fba8447144074ad0b30c89f4641dc225055cc1920f2384c0684f3f452fb0056
                                                • Opcode Fuzzy Hash: f047fd05291be4c29170211d3b31305e60ae465e3393c3fa7275e37054de3206
                                                • Instruction Fuzzy Hash: D75169346106019FD755EF34C498BAA7BE2FF88304F14886DE8469B3A1CB35EC86CB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a9bae65643f0a6b5dbc2d89f250454de29077bae984ecbceb4bf5a5c4ef4a117
                                                • Instruction ID: 8458a3ffbf5a102deb2198bde8251d368dcc6544d67a711e3eb20521b2dd6f2e
                                                • Opcode Fuzzy Hash: a9bae65643f0a6b5dbc2d89f250454de29077bae984ecbceb4bf5a5c4ef4a117
                                                • Instruction Fuzzy Hash: 71417D34A04215CFCB14CF99C494AAEFBF1FF89320B1582A9D555DB761C735A852CFA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2080dda671c7e68bfa52f153f30c5716b588f9e2fdaf52ed8a137f9780070cc9
                                                • Instruction ID: a4bfbf5711b7a272504bcb79ea8acfc64fd592f2f8ccb3f2a2a365d2eb4a047b
                                                • Opcode Fuzzy Hash: 2080dda671c7e68bfa52f153f30c5716b588f9e2fdaf52ed8a137f9780070cc9
                                                • Instruction Fuzzy Hash: 6B4156343006019FC74AEF38D498969BBB2FF8A35571485A9E40ACB362CF75EC46CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f4747bd9380af8f3722eb1e59d5872608902823b48769e51e23da73e667d8b4
                                                • Instruction ID: 6a45c39575f2e8bfab8e7b317d1d75b308e02236680079bf2775e2d0ad4d36cf
                                                • Opcode Fuzzy Hash: 9f4747bd9380af8f3722eb1e59d5872608902823b48769e51e23da73e667d8b4
                                                • Instruction Fuzzy Hash: 7431F1307002455FCB05E7B884647BF76E6AFE9348F15847D940ADBB95EE34DC0A83A1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: db79c5614e3e4cb8728fe0b1beb45e2a80f3b43dc57e2edb1af0ddf32841287f
                                                • Instruction ID: bf632b1cda2e3db8a6d20487b7de2ae8ff9f7349db63cd43aff19ff754494890
                                                • Opcode Fuzzy Hash: db79c5614e3e4cb8728fe0b1beb45e2a80f3b43dc57e2edb1af0ddf32841287f
                                                • Instruction Fuzzy Hash: 64317975B002189FCB14EBA9D9856BE77B6FB88314F14412DE906E7380EF34AD45CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 03a393722b27abeb3354683f78844377e59cd8b5b9782916105db9a34ebdff55
                                                • Instruction ID: cec3dc7ff9b0854caf222fb0ca377969295edc85617675b7d1c6b071e4f66b32
                                                • Opcode Fuzzy Hash: 03a393722b27abeb3354683f78844377e59cd8b5b9782916105db9a34ebdff55
                                                • Instruction Fuzzy Hash: DD311878A01319CFDB24DF20C544B9AB7B2BF48306F2089ACD84697390EB35E995CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 32ef5282feb4eae2160745751fc4188386bdb97d84fb0c888dc06671c246f700
                                                • Instruction ID: 340962c3844b59380614dd4bb56354b328655ad64335733ddec113bcbd3f3edb
                                                • Opcode Fuzzy Hash: 32ef5282feb4eae2160745751fc4188386bdb97d84fb0c888dc06671c246f700
                                                • Instruction Fuzzy Hash: 13319170A00255CFD710EF68C544AAEBBF2EF85304F1189ADC455AB392DB79D946CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 63ef9e37fc9262c74cd638eb343b10031989d2d383009883db316690480e8c7a
                                                • Instruction ID: 91a249fca4d1b05356be2e8513422f24e1271c96961611679d7a035b14b8b061
                                                • Opcode Fuzzy Hash: 63ef9e37fc9262c74cd638eb343b10031989d2d383009883db316690480e8c7a
                                                • Instruction Fuzzy Hash: 26312C74A042458FCB14CF98C594AAEFBB1FF88320B258699D459DB3A2C735EC91CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cec683f31d67742a2baf45c4474526213306ea6a41415970cb338d53ffe274a2
                                                • Instruction ID: 0663589148c45e42ae96d17cf100c3a0233c8a55ee2bcf27d26355833fe46365
                                                • Opcode Fuzzy Hash: cec683f31d67742a2baf45c4474526213306ea6a41415970cb338d53ffe274a2
                                                • Instruction Fuzzy Hash: A6314B34A042058FCB14CF58C5A4AAEF7B1FF48320B258699D499DB3A2C335EC91CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7b67196a2b364e15f6859d53593e19691acfc073c686e7672900387aa585346b
                                                • Instruction ID: 8b8443fd6713f21632ea73647d8a41ab36985bf19fc7e26078e1828def375e4b
                                                • Opcode Fuzzy Hash: 7b67196a2b364e15f6859d53593e19691acfc073c686e7672900387aa585346b
                                                • Instruction Fuzzy Hash: 7221C135A002458BE715EB68D840BEEBBE6EF89310F24487DD406BB291DA716C45CFA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 95cfd572ac84096540a1d5c21e1a03626d5aca9888cb2c2ffaacf9bf9151b08b
                                                • Instruction ID: d9705b8d625e53c112d52b48e71b982b4e9ccd588208a900bbf945d232a21391
                                                • Opcode Fuzzy Hash: 95cfd572ac84096540a1d5c21e1a03626d5aca9888cb2c2ffaacf9bf9151b08b
                                                • Instruction Fuzzy Hash: B6214D35710115CFCB50EFB8C6449DD77F2AF89318B118AE8D415AB3A1DB32ED458B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 957b6f882f3c42b49d25f4bc370118b912fe1fb492a37eccaee27a1ed09e90cb
                                                • Instruction ID: d11b5bedf9bbe8192297886f21e5812762348cfe8af398f6956c48b8d2a6f719
                                                • Opcode Fuzzy Hash: 957b6f882f3c42b49d25f4bc370118b912fe1fb492a37eccaee27a1ed09e90cb
                                                • Instruction Fuzzy Hash: 0D219F306005598FCB18EFA4D91C7BD7BB2AF89300F1444EDD012A72A2CFB95D59CB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 67941f8708c16b9a3ab3fa2e501f87eb9ec8a0383b04f25d9724671256007c2a
                                                • Instruction ID: 1a7b22920c0df6e6dfcd53b767149a7cda5ac2ebeac6bb53c95dbbf1a082a4ef
                                                • Opcode Fuzzy Hash: 67941f8708c16b9a3ab3fa2e501f87eb9ec8a0383b04f25d9724671256007c2a
                                                • Instruction Fuzzy Hash: 34210F31200315DFC711EB64E840DAABBF6FF86325B108D6DD4868F261DB31AC1ACBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.371305259.0000000004D80000.00000040.00000001.sdmp, Offset: 04D80000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 48c0e1ed128e2b7a4ee53545205a773079355d46c065774fee42c61d35c80a9f
                                                • Instruction ID: b34c32aeefd26ff4fce64b4edc2a4b972b552486cecc34b7ce5804a8e7a6e083
                                                • Opcode Fuzzy Hash: 48c0e1ed128e2b7a4ee53545205a773079355d46c065774fee42c61d35c80a9f
                                                • Instruction Fuzzy Hash: DF117C30A005158BCB18EFA0D91C6ADBBB2FF88700F1484ACD002A73A1CFB95D55CB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000006.00000002.377313872.0000000008160000.00000040.00000001.sdmp, Offset: 08160000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 282f9e3e27aef1fcbccf0344d53417ee61d88485b5a91ae9e5bafb2fa6ec5791
                                                • Instruction ID: a2f80087004ca78a3b136bfb46d1a842e7be9112242446a5f25c723cd69b579d
                                                • Opcode Fuzzy Hash: 282f9e3e27aef1fcbccf0344d53417ee61d88485b5a91ae9e5bafb2fa6ec5791
                                                • Instruction Fuzzy Hash: D8115E35A00219EFDF11CFA0C900BDEBB76FF58305F208269E505A6660D736DA69DF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%


                                                Non-executed Functions

                                                Executed Functions

                                                C-Code - Quality: 37%
                                                			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                				void* _t18;
                                                				void* _t27;
                                                				intOrPtr* _t28;
                                                
                                                				_t13 = _a4;
                                                				_t28 = _a4 + 0xc48;
                                                				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                				_t6 =  &_a32; // 0x413d52
                                                				_t12 =  &_a8; // 0x413d52
                                                				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                				return _t18;
                                                			}






                                                APIs
                                                • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: R=A$R=A
                                                • API String ID: 2738559852-3742021989
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID:
                                                • API String ID: 3298025750-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.543592754.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Strings
                                                • <unknown>, xrefs: 014AB27E, 014AB2D1, 014AB350, 014AB399, 014AB417, 014AB48E
                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 014AB2F3
                                                • *** enter .exr %p for the exception record, xrefs: 014AB4F1
                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 014AB314
                                                • Go determine why that thread has not released the critical section., xrefs: 014AB3C5
                                                • read from, xrefs: 014AB4AD, 014AB4B2
                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 014AB352
                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 014AB3D6
                                                • This failed because of error %Ix., xrefs: 014AB446
                                                • The critical section is owned by thread %p., xrefs: 014AB3B9
                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 014AB39B
                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 014AB484
                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 014AB2DC
                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 014AB53F
                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 014AB476
                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 014AB323
                                                • *** Inpage error in %ws:%s, xrefs: 014AB418
                                                • *** enter .cxr %p for the context, xrefs: 014AB50D
                                                • a NULL pointer, xrefs: 014AB4E0
                                                • an invalid address, %p, xrefs: 014AB4CF
                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 014AB47D
                                                • *** An Access Violation occurred in %ws:%s, xrefs: 014AB48F
                                                • The instruction at %p tried to %s , xrefs: 014AB4B6
                                                • *** then kb to get the faulting stack, xrefs: 014AB51C
                                                • The resource is owned shared by %d threads, xrefs: 014AB37E
                                                • The instruction at %p referenced memory at %p., xrefs: 014AB432
                                                • write to, xrefs: 014AB4A6
                                                • The resource is owned exclusively by thread %p, xrefs: 014AB374
                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 014AB305
                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 014AB38F
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                • API String ID: 0-108210295
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                • API String ID: 0-2897834094
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                • API String ID: 0-3591852110
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                • API String ID: 0-1357697941
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • RtlpProbeAssemblyStorageRootForAssembly, xrefs: 0146AFCE
                                                • SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING., xrefs: 0146AE56
                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 0146AF46
                                                • SXS: %s() bad parametersSXS: Flags: 0x%lxSXS: Root: %pSXS: AssemblyDirectory: %pSXS: PreAllocatedString: %pSXS: DynamicString: %pSXS: StringUsed: %pSXS: OpenDirectoryHandle: %p, xrefs: 0146AFD3
                                                • SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed., xrefs: 0146AE87
                                                • @, xrefs: 0142D16E
                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 0146AEB8
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: @$RtlpProbeAssemblyStorageRootForAssembly$SXS: %s() bad parametersSXS: Flags: 0x%lxSXS: Root: %pSXS: AssemblyDirectory: %pSXS: PreAllocatedString: %pSXS: DynamicString: %pSXS: StringUsed: %pSXS: OpenDirectoryHandle: %p$SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed.$SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING.$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx
                                                • API String ID: 0-541586583
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-523794902
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                • API String ID: 0-1745908468
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • .Local\, xrefs: 0142CD61
                                                • @, xrefs: 0142CE1D
                                                • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 0146AD78
                                                • \WinSxS\, xrefs: 0142CDF3
                                                • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 0146AD9C
                                                • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 0146AD06
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                                • API String ID: 0-3926108909
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • Kernel-MUI-Language-SKU, xrefs: 01403F70
                                                • Kernel-MUI-Number-Allowed, xrefs: 01403D8C
                                                • Kernel-MUI-Language-Disallowed, xrefs: 01403E97
                                                • WindowsExcludedProcs, xrefs: 01403D6F
                                                • Kernel-MUI-Language-Allowed, xrefs: 01403DC0
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                • API String ID: 0-258546922
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                • API String ID: 0-188067316
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • HEAP[%wZ]: , xrefs: 014622D7, 014623E7
                                                • HEAP: , xrefs: 014622E6, 014623F6
                                                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01462403
                                                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 014622F3
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                • API String ID: 0-1657114761
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • .Local, xrefs: 0142C9A4
                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 0146A7E1, 0146A8B9
                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 0146A8BE
                                                • SXS: %s() passed the empty activation context, xrefs: 0146A7E6
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                • API String ID: 0-1239276146
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                • API String ID: 2994545307-2586055223
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                • API String ID: 2994545307-336120773
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                                • API String ID: 0-4256168463
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                • API String ID: 0-3178619729
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-4253913091
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • 0b, xrefs: 0146BE66
                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0146BE0F
                                                • 8j, xrefs: 0142FAF1
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!$0b$8j
                                                • API String ID: 0-753380824
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: FilterFullPath$UseFilter$\??\
                                                • API String ID: 0-2779062949
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • HEAP[%wZ]: , xrefs: 0146A0AD
                                                • HEAP: , xrefs: 0146A0BA
                                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0146A0CD
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                • API String ID: 0-1340214556
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 014A256F
                                                • HEAP[%wZ]: , xrefs: 014A254F
                                                • HEAP: , xrefs: 014A255C
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                • API String ID: 0-3815128232
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • HEAP[%wZ]: , xrefs: 014642A2
                                                • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 014642BA
                                                • HEAP: , xrefs: 014642AF
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                                • API String ID: 0-1596344177
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-2558761708
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: `$`
                                                • API String ID: 0-197956300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: Legacy$UEFI
                                                • API String ID: 2994545307-634100481
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: 0$Flst
                                                • API String ID: 0-758220159
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • RtlpInitializeAssemblyStorageMap, xrefs: 0146B0B2
                                                • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 0146B0B7
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                • API String ID: 0-2653619699
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0141B9A5
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID:
                                                • API String ID: 885266447-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: PATH
                                                • API String ID: 0-1036084923
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Re-Waiting
                                                • API String ID: 0-316354757
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: h,
                                                • API String ID: 0-4055314892
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: h,
                                                • API String ID: 0-4055314892
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: BinaryHash
                                                • API String ID: 0-2202222882
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: `
                                                • API String ID: 0-2679148245
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 014240E8
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                • API String ID: 0-996340685
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: BinaryName
                                                • API String ID: 0-215506332
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: WindowsExcludedProcs
                                                • API String ID: 0-3583428290
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • Critical error detected %lx, xrefs: 014A8E21
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: Critical error detected %lx
                                                • API String ID: 0-802127002
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 99aa2e774bfe46e2b393afb8b3c7b516f51b8631475b7f2c6373a26677f70265
                                                • Instruction ID: 0d0329cd9a7c14c4d263ccdf7864ef25b7fe4dc204f9acf68d5083307b35f56a
                                                • Opcode Fuzzy Hash: 99aa2e774bfe46e2b393afb8b3c7b516f51b8631475b7f2c6373a26677f70265
                                                • Instruction Fuzzy Hash: 46425E75A00219CFDB64CF68C840BAABBB1FF45704F1581AED94DAB362D734A985CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f3198d323829d69ea0d2af0ca3e169d0752b8d57147e5ccac8ef9f8c2de6ca3b
                                                • Instruction ID: 26496bfcbf3c3d1dc19182e97972b31d9ea6d3d3146586d54bf346c6b5cf4ccc
                                                • Opcode Fuzzy Hash: f3198d323829d69ea0d2af0ca3e169d0752b8d57147e5ccac8ef9f8c2de6ca3b
                                                • Instruction Fuzzy Hash: F0F16C706082118BD764CF59C480A7BB7E1EF98754F18492FF986CB3A5E734D982CB52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 326ac4c4ce5de7c3f88ad650fb9b82b58cb21a58e86ae08b21fd894a05a42c01
                                                • Instruction ID: 606ae82affb9712f391994365a13805a694cd65e8e304f7269cfa75a69470aec
                                                • Opcode Fuzzy Hash: 326ac4c4ce5de7c3f88ad650fb9b82b58cb21a58e86ae08b21fd894a05a42c01
                                                • Instruction Fuzzy Hash: ADF144306083128FDB26CB2CC440B2B7BE5AF95368F54851FE9949B3B1D7B4C881CB92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 378a15f07cf741ea7fbda6b728feae1d5e03f9793bd8fa51561ea09537e60efa
                                                • Instruction ID: fa3a2f5704de26130af247b4897877b9b464ce2dee88888b94ed3d84241f17d6
                                                • Opcode Fuzzy Hash: 378a15f07cf741ea7fbda6b728feae1d5e03f9793bd8fa51561ea09537e60efa
                                                • Instruction Fuzzy Hash: 65D1E4B1A0020A9BDB14DF69C892BBF77B4EF14718F04412EEE56DB2A1E734D945CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4addae93aa179e7f612af06805ad0f8225995342602f8cd6fcab97ad63ce0d90
                                                • Instruction ID: ad3d6458213c0b14231e8b2a7a8beca88a8df2970ada4e38e160bfc66e80e4c2
                                                • Opcode Fuzzy Hash: 4addae93aa179e7f612af06805ad0f8225995342602f8cd6fcab97ad63ce0d90
                                                • Instruction Fuzzy Hash: E8E1C375A00115CFCB18CF59C880BAAB7F1FF98314F55816AE955EB3A5D334E982CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a3d1cf2e860901384a35849945a2124c2327988c644ac33a8ef5ec196df0dee
                                                • Instruction ID: 67bbb2b44fae40b21d91f0e216ef8a5e358f4a72f8df2cc44597ab4f453ed196
                                                • Opcode Fuzzy Hash: 0a3d1cf2e860901384a35849945a2124c2327988c644ac33a8ef5ec196df0dee
                                                • Instruction Fuzzy Hash: FDE19231E002568FEB368F9AC844B6ABBB2BF55314F0441BBD9096B3B2D7349985CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b39f988bad65b9e9bf50b00cfd0c1adb077c454f3390183ad70a49efa5b51d6f
                                                • Instruction ID: b4697f5988ce79fb10067618f4721b421b8da1b8a102074fc1bfa4137b848b84
                                                • Opcode Fuzzy Hash: b39f988bad65b9e9bf50b00cfd0c1adb077c454f3390183ad70a49efa5b51d6f
                                                • Instruction Fuzzy Hash: 49E1ED71E01608DFCB25CFA9C984AADFBF5BF48314F24452EEA46A7661D731A841CF10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                • Instruction ID: 36c17a16cd194ab5ac8e87a0f8f23ae74f0f8fc38aa090bb5112e30cec3982b8
                                                • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                • Instruction Fuzzy Hash: 2CB1B031B0060AAFDB15CBA9C890BBFBBB9EF98204F14416BE642D73A5D770D905CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 795742a4af2cd4dbb81968a188b13a2ca3987ecf89c4a185348ae0b7a365f78f
                                                • Instruction ID: 53e0b19f69f996cee07636a9d1f53c5dbc78da84fe4cb424db4ee0777f009c91
                                                • Opcode Fuzzy Hash: 795742a4af2cd4dbb81968a188b13a2ca3987ecf89c4a185348ae0b7a365f78f
                                                • Instruction Fuzzy Hash: A7B16070E0020ADFDF16DF9AC984AAEBBB5BF54304F10412FE515AB3A6D770A941CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ba30266cf1bc6bb02e9e06e385b8c5dd7c12d6bf1b7bc4312e3857ac9d51a4f8
                                                • Instruction ID: 18f8e0ee8044a99b4e03af22e75430c5579ab70372ba2718540448aa55b6accd
                                                • Opcode Fuzzy Hash: ba30266cf1bc6bb02e9e06e385b8c5dd7c12d6bf1b7bc4312e3857ac9d51a4f8
                                                • Instruction Fuzzy Hash: 9DC122755083818FD354CF28C580A6AFBF1BF88318F14496EF9998B362D771E885CB52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 24ff489a7a1d94977334aaa8038a6fbaee9a4bea86ad1b3ea94b7256b3b66159
                                                • Instruction ID: 9937a6579c114c9d93779900bad9e0a952108caeb909d8fb6ca40d4b26def4a3
                                                • Opcode Fuzzy Hash: 24ff489a7a1d94977334aaa8038a6fbaee9a4bea86ad1b3ea94b7256b3b66159
                                                • Instruction Fuzzy Hash: E8910B71E002259BEF219A6DC844BAE7BE8AB14728F490267F910A73F1D7749D81C781
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7e022772fe923ced6c4de871bc61fbab364a2fe66ef99a5153665370ed4929b9
                                                • Instruction ID: 19a44d8a46774baebce3ee2e387927585209507c4f58ac8465291c942365086d
                                                • Opcode Fuzzy Hash: 7e022772fe923ced6c4de871bc61fbab364a2fe66ef99a5153665370ed4929b9
                                                • Instruction Fuzzy Hash: 56A17C74E002158FDB25CF99C494BAABBE0BF58358F94455BD8219B3B6D371C8C2CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b18aa5949fef01a5b6a1df447b07de7b30a20a9121371703855537e906433d19
                                                • Instruction ID: 96ace2fc758f85157ab4a63d6ab39a81cf7f1fe95b636374e9a8253230a88792
                                                • Opcode Fuzzy Hash: b18aa5949fef01a5b6a1df447b07de7b30a20a9121371703855537e906433d19
                                                • Instruction Fuzzy Hash: 5E81E6B1A0011D8BDB258B28CD40BEA77B8EB54748F0441AEEB15E32A2D774DDC1CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                • Instruction ID: 363ba3853bd940a102c4a36705ba1d5c4d6c1bff0e0c73b6de98ecad38265c6a
                                                • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                • Instruction Fuzzy Hash: E581AD71A003459FCB24CF68C584BAABBF5EF58304F10856EE94AC7761D330EA81CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cc007f3044028a4428e02a4a9047b92b36f57703fd20714d6d08a154055cf9b3
                                                • Instruction ID: cb9f8851b508d77de87d939ebbb802a111c22930e8d23a063636d01a254db1b6
                                                • Opcode Fuzzy Hash: cc007f3044028a4428e02a4a9047b92b36f57703fd20714d6d08a154055cf9b3
                                                • Instruction Fuzzy Hash: BA31E6726047919BC321DF28C844AABB7E5FFD8700F054A2EF995877A0E730E904CBA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8face09626d1e61f5a6d73ff13723d68f9027ddff2930e89616818e02e51868b
                                                • Instruction ID: bee26c68438150e2194654ce7d83fe4f861150c7270215d1754d37172e745c74
                                                • Opcode Fuzzy Hash: 8face09626d1e61f5a6d73ff13723d68f9027ddff2930e89616818e02e51868b
                                                • Instruction Fuzzy Hash: F241F3B0A047568BDB21DFB984103EFBAF2AF21308F54052FC086AB361DB355945C7BA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b3025e7999f4f9dbfcd090e80ddcb67b17448c78e94b0ab5c869ce96a574650
                                                • Instruction ID: 17a1cbd76a639ecd0c2cf99bee0752f76eb96934688e01a8c120d7d7e1074a11
                                                • Opcode Fuzzy Hash: 8b3025e7999f4f9dbfcd090e80ddcb67b17448c78e94b0ab5c869ce96a574650
                                                • Instruction Fuzzy Hash: 66317771549302CFCB10DF29C48491BBBE1FBA5615F45496FE5988B361E730ED05CB92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5bb5820d9702cc949384fba22753069816fab71a256a3b08369d273dad190a4c
                                                • Instruction ID: ff8b8fa8b2f0e4a88baa637bdfeb4eb38b507a55e723c38a178c2186e7d724f6
                                                • Opcode Fuzzy Hash: 5bb5820d9702cc949384fba22753069816fab71a256a3b08369d273dad190a4c
                                                • Instruction Fuzzy Hash: 8C31A672E01219EFDB21DEA9C840BAFBBF8FB14354F01452AEA15E7260D6749E04CBD0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 039bc4f222d8e85a75c0c1f02842fb87c8e816c3825747851c369354a349a0a7
                                                • Instruction ID: cfcf2526aa89deb5581540acd92a84b65497fb48ef1114ba2da75d26747d003f
                                                • Opcode Fuzzy Hash: 039bc4f222d8e85a75c0c1f02842fb87c8e816c3825747851c369354a349a0a7
                                                • Instruction Fuzzy Hash: EF31F671A00216ABDB269F9AC880BAFBBF4AF65714F21006FE515DB360DA71DD0187A0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a291524e9b21f76d22cfc6f8e1a0b46badb7ab2a05df3e0ef0450ce2d9f68ba
                                                • Instruction ID: 9b4382f418b08edb2148f718081afb9bf73285d457b7bd3f4cf51b20105ff948
                                                • Opcode Fuzzy Hash: 0a291524e9b21f76d22cfc6f8e1a0b46badb7ab2a05df3e0ef0450ce2d9f68ba
                                                • Instruction Fuzzy Hash: 47315C716057118FE360CF1DC840B27BBE8EB98B18F55496EE99897361E7B0EC44CB92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ac4cd60a833c967fadeb2d7891b08b399f17531744b943d57c8dfadafa04384e
                                                • Instruction ID: db87bbd4c12852c62254985baf33dabc9b3f4c29aaea4e6223f32e8e4be02e87
                                                • Opcode Fuzzy Hash: ac4cd60a833c967fadeb2d7891b08b399f17531744b943d57c8dfadafa04384e
                                                • Instruction Fuzzy Hash: E2310372A0021AABDF11DFA9CD41ABFB7B8EF14700F04406EF905EB261E7349954CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7aca8750c56209a788a626a6ad1a4a88c84f322f0564b3549d6f62b41c513842
                                                • Instruction ID: 399cd1a906db26b260efb2f82a9144faf00f9cc190942cbcb7f3b41c6e9ffae4
                                                • Opcode Fuzzy Hash: 7aca8750c56209a788a626a6ad1a4a88c84f322f0564b3549d6f62b41c513842
                                                • Instruction Fuzzy Hash: E131F5322012119BC732EF69C944B6BBBE4FBD9610F18042FE85547271CBB0D806CB85
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: db5df8ea54e8d98ca347fe61d05001d5cfac38356dd71f8463763ee66b57d3ae
                                                • Instruction ID: c0fec4c24f14c679f4ab3026926c755e960ea2ef290e7f8c9675874f711a1b4f
                                                • Opcode Fuzzy Hash: db5df8ea54e8d98ca347fe61d05001d5cfac38356dd71f8463763ee66b57d3ae
                                                • Instruction Fuzzy Hash: 76319035611A0AAFDB529F25CA81B5ABBA5FF94714F40501AED0147F72DB31EC34CB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b2f55928cfe83554a8d52420c62b86d02a23665ddf85be8bd148f78ad9cc007b
                                                • Instruction ID: 587b956c1a959f399d2302adf6b56281e2c4819cee6397324fe4344f9a6896ce
                                                • Opcode Fuzzy Hash: b2f55928cfe83554a8d52420c62b86d02a23665ddf85be8bd148f78ad9cc007b
                                                • Instruction Fuzzy Hash: 713131726106268BCB22DF58C4807A677B4FB28310F45407EED04DF326EB34D9868B80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ea0b5034ccc5919679054df04f3876bd841a8718789c6c2d76f1562a600797e
                                                • Instruction ID: a7ccf3d460929a4278461c7b85644e001a13287c8827db6b315f2d1a3554d846
                                                • Opcode Fuzzy Hash: 8ea0b5034ccc5919679054df04f3876bd841a8718789c6c2d76f1562a600797e
                                                • Instruction Fuzzy Hash: EA31C575A00246DFEB25DF6CC048B9DBBF1BB5835CF14816EE60467362C334A980CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                                • Instruction ID: 6422de723b264e41931b95bb5384e1e381ae9e7e6afae72a67ecc91b1480a93e
                                                • Opcode Fuzzy Hash: a1964674c32ee0b8d0769a9c26bb8bd53e50b50cf439c01f9c98bc06a8389b4f
                                                • Instruction Fuzzy Hash: 8C319A31600658EFE721CF69C880F6AB7F8EF44354F5005AAE915CB2A1E770EE81CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                • Instruction ID: 89f3c73db2d6aa2f4f31f7f53e514ab05597302157c8b4da47ce24a5fa2a589b
                                                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                • Instruction Fuzzy Hash: 7321C771600129FFD711CF59CC80E6BBBBDEF95A64F514056E605A7730D634AD41CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ba2bf534eaa599b150e2179bf6c322708cb098d1b62d5e0efdced9e20fc9b4d5
                                                • Instruction ID: 816dd30efe385518aca38bdc97b2b6115f8d0f86d0c5c4e72b0cf61de45a23b4
                                                • Opcode Fuzzy Hash: ba2bf534eaa599b150e2179bf6c322708cb098d1b62d5e0efdced9e20fc9b4d5
                                                • Instruction Fuzzy Hash: 4021A039201B82CFE726CB2DC4A4B7777E8EB51704F484497E9828B7A5D738D882C710
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f368ad3e20dc872982a81365d4d3c99c98ceb4f5c7e7d49f02624b5ed6cba50
                                                • Instruction ID: 59fd4a72857d54256c28697fc8257e798b1031db0962de98b24fd3dcb54aaa38
                                                • Opcode Fuzzy Hash: 9f368ad3e20dc872982a81365d4d3c99c98ceb4f5c7e7d49f02624b5ed6cba50
                                                • Instruction Fuzzy Hash: 9331CE71601B04CFD722CF28D840B97B7E5FF88714F14856EE59A87BA4EB35A841CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 38631aa6727b46a94ae463cf3383caab1ea29016268239455b5ff809207926c5
                                                • Instruction ID: 5eb24a13ba366101d2dfd7b490845aaf2dc4de065c0e762dfd9ff537157a6b0b
                                                • Opcode Fuzzy Hash: 38631aa6727b46a94ae463cf3383caab1ea29016268239455b5ff809207926c5
                                                • Instruction Fuzzy Hash: 4B21AD71A00A45AFD711DB6DD840E6AB7B8FF58704F04006AF904C77A1D634ED11CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 55ff664ffe35e531b415b014c0b406a6b370a1d908251e766b03a1a9938361e0
                                                • Instruction ID: fa5bbc87773f21845c956d553b1c27b0af604f3cd32b1f56edbd7595e1d89b41
                                                • Opcode Fuzzy Hash: 55ff664ffe35e531b415b014c0b406a6b370a1d908251e766b03a1a9938361e0
                                                • Instruction Fuzzy Hash: BD21E535100606DBDF329A29D900B2777A5FB70328F10471EE55647AF2E730E945CB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                • Instruction ID: dcc6dd305496df8bf9f4f45a3541b8c94825c0ab1e81ae7039ca6c6d4c697fa7
                                                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                • Instruction Fuzzy Hash: 24214171A00205EFEB21DF59C584A9AFBF8EB98754F14887FE985A7220D370AD45CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6799e3fbe4fe246c7f1b69db1f3fdb10d4aea7c246db1a43ad0c84d7fe63aa73
                                                • Instruction ID: ba791b3a159b8749bf9c3df2e0052f3ed92bdebd0b132feb6690f9b4f1100bf5
                                                • Opcode Fuzzy Hash: 6799e3fbe4fe246c7f1b69db1f3fdb10d4aea7c246db1a43ad0c84d7fe63aa73
                                                • Instruction Fuzzy Hash: C721C272A00119AFDB11DF59CE81F6ABBBDFB54308F1501A9E608AB262D375ED41CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                                • Instruction ID: 5c901f44ee74048186b2d0cbbe1d2bfd71d77a00e614bcf78fd850775e840471
                                                • Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                                • Instruction Fuzzy Hash: AF31D271900625EFDB28CF69C48077AF7F8FF44318F14866DCA6997A61E770A940CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 576df13e98082ba23d45f79f54c5ca8bd7aea7ec16f6bac9ebc4d62ef7d8ae6b
                                                • Instruction ID: 9ebab08d1185479702562385d15edb98bd3ea96839dfbfe51ec34b295add4ecb
                                                • Opcode Fuzzy Hash: 576df13e98082ba23d45f79f54c5ca8bd7aea7ec16f6bac9ebc4d62ef7d8ae6b
                                                • Instruction Fuzzy Hash: 91212572400A459FE311DF29C944FABBBEDEFA1640F05046BF940C7271D734C54AC6A2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ac60bddf7a16a2c9f013edaa2786d2bf5a6a7ed61a21048ff208cc099a06d53
                                                • Instruction ID: 4f726c92819c60422abfea8a677384ba1f838269a3f6f2ad2fc5ab6c28f838b1
                                                • Opcode Fuzzy Hash: 8ac60bddf7a16a2c9f013edaa2786d2bf5a6a7ed61a21048ff208cc099a06d53
                                                • Instruction Fuzzy Hash: C621D4366056819BF723976E8C0CF253B94AB01775F680377FA249B7F3DBB899418220
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                • Instruction ID: bcc3e73cc8f6d25573158ef778fac481224dbb406362b173af9116fb868f6f2c
                                                • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                • Instruction Fuzzy Hash: EA21F53A2042049FD705DF18C890AAABBA5EBE4B50F04856EF9959B3A5D630D909CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aeadc021d41b42472c5a046a9889bc9651612843b85c2bc5c9eacab95f35bb9d
                                                • Instruction ID: 29d13bbac67f914886687b8f3470bf81079f2f65673b79c502e8170c8ac4fd8e
                                                • Opcode Fuzzy Hash: aeadc021d41b42472c5a046a9889bc9651612843b85c2bc5c9eacab95f35bb9d
                                                • Instruction Fuzzy Hash: E1113339901305ABCB25AF2DC440ABABBE5EF66714F14016FFA4693791D631E841C690
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                                • Instruction ID: b0b50dd9a10a0092cf404db2b96629303022bd3006b29d490490876cb73e999a
                                                • Opcode Fuzzy Hash: 37527cf3eb25ade65d622f20ccdd91ad303ae4a54bb64dfc0495212d1a2f266d
                                                • Instruction Fuzzy Hash: B011E273600609FFE7229E99E840FAABBB8EB94754F10402EEB058F550D671EE44DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7de40ab67bb0db778022ae913d7b44f5dc32a7659e702ba93bc8234b45ce7643
                                                • Instruction ID: c090e20c3ace823833fe6b3923221d31d1937f6a8834093fa2c4b809f8edcb4d
                                                • Opcode Fuzzy Hash: 7de40ab67bb0db778022ae913d7b44f5dc32a7659e702ba93bc8234b45ce7643
                                                • Instruction Fuzzy Hash: 01012876604742DFC750DB2AC944B5B7BE5ABA4A10F04861EF985837B2DE30D841CB92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                • Instruction ID: c472c793dd84bd80caba05f16fcc72c387ab534d298ad145bc9ba9503a889e81
                                                • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                • Instruction Fuzzy Hash: 59015EB62005849FE323D71EC948F677BD8EB95654F0940A2AA19CB7B2D638DC41C625
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 23e1018e8aea29c54e1f4e5ab4d492e4cc69b7c16d8542673d91483afb9a74a3
                                                • Instruction ID: 982d90b3af44dcf36a0ea15d83b938aefc1d28c34c67ac2ec65a64ca125a1596
                                                • Opcode Fuzzy Hash: 23e1018e8aea29c54e1f4e5ab4d492e4cc69b7c16d8542673d91483afb9a74a3
                                                • Instruction Fuzzy Hash: E9017171E00259ABDB14EBA9D845EAFBBB8EF94700F00406AB905EB291D6749901C794
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 39b36db4602e2808a28082ad0402ef1f1ae3f6b91e175034b486a36de8aa9ec4
                                                • Instruction ID: b23fdcb5b586f5bcb3c2c7a9077601690ef5f1062b3fbff22c8cbc50935b7476
                                                • Opcode Fuzzy Hash: 39b36db4602e2808a28082ad0402ef1f1ae3f6b91e175034b486a36de8aa9ec4
                                                • Instruction Fuzzy Hash: A5018475E10219EBDB10EBA9D845FAFBBB8EF94700F00406BF905EB391DA749901C794
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 59b46cf8ee965ab53a4e5e64f4a5db2357bf4f26578eba47a07eb62b5fd5c2ee
                                                • Instruction ID: 35c2251aeaf0445da7bea5b812e9613830a3c9cba78913ab3546cf9c2c452bb4
                                                • Opcode Fuzzy Hash: 59b46cf8ee965ab53a4e5e64f4a5db2357bf4f26578eba47a07eb62b5fd5c2ee
                                                • Instruction Fuzzy Hash: BE012175A0021DAFDB00DFA9D9419AEBBB8EF58710F50405AF905E7351D634DA01CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ac7e38129749cce71bbc48f2f1cb6f0a1750ca83e53311b2252f9f1f3771f6c3
                                                • Instruction ID: 335f5daf677d5679d70f9e9a39eef429394cd5070452db7b07a6495afe3c946c
                                                • Opcode Fuzzy Hash: ac7e38129749cce71bbc48f2f1cb6f0a1750ca83e53311b2252f9f1f3771f6c3
                                                • Instruction Fuzzy Hash: 67012C75A0021DAFCB00DFA9D9419AEBBB8EF98710F10405BF904E7361D634A901CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 861f4a362963bccd90b5c38cb51bdb547b77ad711608b5825ea42d741705cb9f
                                                • Instruction ID: 986cce52089971ee699bf53336f347c09e5c989a839f8bd749382f8052f74fd9
                                                • Opcode Fuzzy Hash: 861f4a362963bccd90b5c38cb51bdb547b77ad711608b5825ea42d741705cb9f
                                                • Instruction Fuzzy Hash: D0012CB5A0021DAFDB00DFA9D9419EEBBB8FF58710F10405AF904E7351E634AA01CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3facd07470e770ca0f2203528a92d436d797d5086390178493f6d1fad3fc00d5
                                                • Instruction ID: 42e956dd71b1a71dfa09607b6c1b798860e6433069400d13fa9726ce215f68df
                                                • Opcode Fuzzy Hash: 3facd07470e770ca0f2203528a92d436d797d5086390178493f6d1fad3fc00d5
                                                • Instruction Fuzzy Hash: 18017CB1A0020DAFCB00DFA9E941AAEBBB8FF58704F10405AF904FB351D634A901CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                • Instruction ID: 74ad18026e6e7f24e3c1cd6ebe1d05fea59e591f2b89213a2f0e54862fd0a910
                                                • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                • Instruction Fuzzy Hash: BEF09C3324152B9BD7326EDD4888F57BA999FD1A68F16003EF7059B754C9708C0297D1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                • Instruction ID: 29506f98438203c0aae5c5892b4fbed2eb251c471212faecb08dc4d654d9dccd
                                                • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                • Instruction Fuzzy Hash: 0001F936200584ABD322975DC804F5ABB98EF51794F0C0066FE148B7B7E674CC40C314
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 06ac2caa6777edf98b66bd80d23dca150fa2fd50321477288e2bb2bb977051e0
                                                • Instruction ID: 7d1655fe1366a50cffdee2e2f74b9f425ca7696249a5cbf2bdf0afa0ecea1006
                                                • Opcode Fuzzy Hash: 06ac2caa6777edf98b66bd80d23dca150fa2fd50321477288e2bb2bb977051e0
                                                • Instruction Fuzzy Hash: 1101AD31200608ABD731DF59DD05FABBBF9EF54614F10056DE905832A1CBB1AA04C795
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7a00f1400f4b59c0e3de5d13d32b903af97cf02c117e02751dac66689ca8ca98
                                                • Instruction ID: 3b207401b48f1c96181917a99f8df4bfae89a242546d6505135be1fa2556ea5a
                                                • Opcode Fuzzy Hash: 7a00f1400f4b59c0e3de5d13d32b903af97cf02c117e02751dac66689ca8ca98
                                                • Instruction Fuzzy Hash: 7E012C71A00659ABDB00DFA9D841AAEBBF8EF58710F14405EE905AB390D774AA01CB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: afefb0cd86f49152069a30bb31a64d72117616fdfec407e35b36a2c9d0fcb5c8
                                                • Instruction ID: dc6876744e4cb6ee57626e0d35242f06dd3b9b1c58d851f2fcdd968ddaf9bce0
                                                • Opcode Fuzzy Hash: afefb0cd86f49152069a30bb31a64d72117616fdfec407e35b36a2c9d0fcb5c8
                                                • Instruction Fuzzy Hash: B101A972E00658EBDB14DFF9D9459EFB7B8EF58710F00805BE511FB2A0D97499018791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                                                • Instruction ID: e61f0411a8611e06a6de7c624661dab3aba5b064db2cb7902ef8ae4b15f1fd97
                                                • Opcode Fuzzy Hash: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                                                • Instruction Fuzzy Hash: 2AF08C36B01108ABDB25DA49D940EBEBBBDEBC4604F1401AEAA05E7740DA30AE019790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
                                                • Instruction ID: 9232e4206b48e6120f58bdfb847ca4b4d60d085c98e4114d61d3a0112d60186b
                                                • Opcode Fuzzy Hash: 2029a114c36bb4c92c887f33788b343d8ca89f1f3266e36f8717b5269d555587
                                                • Instruction Fuzzy Hash: 3701D6315406569FD721DB19C886F9A3798AB20730F504157FD148F3B1D7B5D980C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                                • Instruction ID: 8bce90dd89e3fe0d7b23f03e191103899edbbe5fa46dbea554cc24f675ca102f
                                                • Opcode Fuzzy Hash: d03d260d01ce357f0602aa94a8546785f0ff55cdf9f4f89ff7566860e2396e50
                                                • Instruction Fuzzy Hash: 78F02871A02209DBE710DBA98414BAA7BA8EBD4714F04815EDF09D7140DA35D880C294
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0b95e455b5deace294306a0fa3fe8487b2727e415cfb4e405c1f71cb7134b712
                                                • Instruction ID: a172b64fad8f1d5a58d1fa2a4febd65f6bb15c32d9c92ec5d0235181d5150a34
                                                • Opcode Fuzzy Hash: 0b95e455b5deace294306a0fa3fe8487b2727e415cfb4e405c1f71cb7134b712
                                                • Instruction Fuzzy Hash: 0EF0C231B01648ABDB04EBAAD805E7FB3B4EF64700F40016ABA01EB6A1EA70D905C745
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                                • Instruction ID: d817e76e87adef906c19f45b0ed5fc86ad90fd62c68954544f89eb044758ef34
                                                • Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                                • Instruction Fuzzy Hash: 2CF0F671614208EBDB18CB29DC00F56B7EDEF98304F14807D9649C7260EA72ED01E754
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4b2f138c934d72fbafaed7775074b01c41afc6bbc124c9bc971df86bfc33662f
                                                • Instruction ID: 4d17702d72b356934a55ceb6b2b5b32ac8943935f4c7b86e4b3cdff10bc0d9c1
                                                • Opcode Fuzzy Hash: 4b2f138c934d72fbafaed7775074b01c41afc6bbc124c9bc971df86bfc33662f
                                                • Instruction Fuzzy Hash: CB018C71E0120DAFCB00EFA9D545AAEB7F4FF58700F00405AB805EB3A1E6309A00CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e845c89f9b35d2f68ea66a50fbd51de8fdad795e6f1a9ac61abf409c73580bff
                                                • Instruction ID: 4411214bf39f45c7d61f87fe22abb892b84b620e55e6799f037895e1f6e68cc7
                                                • Opcode Fuzzy Hash: e845c89f9b35d2f68ea66a50fbd51de8fdad795e6f1a9ac61abf409c73580bff
                                                • Instruction Fuzzy Hash: 61014F74E0020EAFDB00EFA9D545AAEB7F4EF58700F50445AB905EB391EA74DA00DB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cc43181b8f5214eeea3db896b6cd8d3becbded7d59b6043c112d508267e5cc59
                                                • Instruction ID: 0aa4eb848d9e9f8bebb82a8e7371ca78d66874816ac5a352bcdf6d8d2815a5f2
                                                • Opcode Fuzzy Hash: cc43181b8f5214eeea3db896b6cd8d3becbded7d59b6043c112d508267e5cc59
                                                • Instruction Fuzzy Hash: F0F024B28912B0CFE732C32CC8C4B237FDA9B04638F44446BD4058333AC2B0C880C258
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c34adddbc163147a2e215a440e6e3e44a25f30ca1f9a128e7838b9f38fc27646
                                                • Instruction ID: 5508c68a43471035a2624e2b3f29a72e6e3cf4b350aa2f06a9657fbff9672754
                                                • Opcode Fuzzy Hash: c34adddbc163147a2e215a440e6e3e44a25f30ca1f9a128e7838b9f38fc27646
                                                • Instruction Fuzzy Hash: 10F020AA4121878ADF33AB293580AE23BD2D765150F0A008BDA901B33AC5B49893DB71
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                • Instruction ID: b2c7c1c99759b8347733137664c2b5487a4d048f59579f67cf0cbdafbc32cc18
                                                • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                • Instruction Fuzzy Hash: B1E02B323409016BE711AF0ACC80F03375DDFE6724F04447EB5041E262C6F5DC0987A0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aead940d121c7a645dc9afee80883a0c9bcc2f80e255f4d039c41eb27eb461f3
                                                • Instruction ID: c954aa4af22853539eb2813fe9e1b7d308108842213a0607f11ac667229d8a8f
                                                • Opcode Fuzzy Hash: aead940d121c7a645dc9afee80883a0c9bcc2f80e255f4d039c41eb27eb461f3
                                                • Instruction Fuzzy Hash: D8F09A70E0460AAFDB14EBA9D441A6EB7B4EB68700F50849AE905AB2A1EA34D9018B54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cd2b366da03d38ead1c76eb27ca9be47e2e5ec016a3a2daf83977e35d1741f77
                                                • Instruction ID: dddb5de84a7161bda5ca326f6c8dc25ac9541646af54478be62de03902ef8c5a
                                                • Opcode Fuzzy Hash: cd2b366da03d38ead1c76eb27ca9be47e2e5ec016a3a2daf83977e35d1741f77
                                                • Instruction Fuzzy Hash: FFF0B470E146499FDB04EFB9D901E7E77B4EF68700F00445EA905DB3A1EA34D900C750
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d78875c79a6866357590214497cb215fd23bdb4fde3d186284a1ffd4c53cc018
                                                • Instruction ID: a780bfe9562f904831f4395e9c82999d18e89fbc1bc7fb155f8139031d16c194
                                                • Opcode Fuzzy Hash: d78875c79a6866357590214497cb215fd23bdb4fde3d186284a1ffd4c53cc018
                                                • Instruction Fuzzy Hash: 4DF09070A046099BDB14EBA9D901A6E77B4EB68700F40445EA915EB2A1EA349900C740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e7a10fe9672f6ceb0b45bd08b7d9e5a389112b2ea28fd76b3492c7db6846c3e4
                                                • Instruction ID: fe018b2d3fbe537b67d50580a184b6e6f221ac934e5517d83e06ffa414722a74
                                                • Opcode Fuzzy Hash: e7a10fe9672f6ceb0b45bd08b7d9e5a389112b2ea28fd76b3492c7db6846c3e4
                                                • Instruction Fuzzy Hash: 5DF0E2B0A0024EABDB00EBA9D906E6FB3B4EF18700F00045EBA05DB3A1FA30D900C794
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 56c765f678abeeeb402372beded414deb49d71b9dae5d140f50192c53f2b84ef
                                                • Instruction ID: 91ca61c8ba637dbf56936acc464fd67666089112f29e0c8cd1c967ee83ae55cf
                                                • Opcode Fuzzy Hash: 56c765f678abeeeb402372beded414deb49d71b9dae5d140f50192c53f2b84ef
                                                • Instruction Fuzzy Hash: 40F0E271A0424CABCB04EBE9D846AAE77B4EF18700F00009AE505EB3A1E974D900C754
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7c467218776110821d76ed8f7ea190e6627ee2f3182aa4fc036efc41341b89f5
                                                • Instruction ID: 43208a0413ab28769a385b7099374a5cece47b42d77fc5bd00b3ee52fca653f3
                                                • Opcode Fuzzy Hash: 7c467218776110821d76ed8f7ea190e6627ee2f3182aa4fc036efc41341b89f5
                                                • Instruction Fuzzy Hash: 59F0E274A0425EAFDB00EFA9D901E6F73B4EF18700F00005EB905DB3A1EA30D901C748
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 29e0a23e75e25e5472d5e868e685ef8da0c3feb4562c71dd5f8c4596a1e2ef30
                                                • Instruction ID: b26b8933941a1afdf1836ed159fe3b48593d68068e6301eb6cc51358d40b11b0
                                                • Opcode Fuzzy Hash: 29e0a23e75e25e5472d5e868e685ef8da0c3feb4562c71dd5f8c4596a1e2ef30
                                                • Instruction Fuzzy Hash: 81F0E935580545AADF0297ACC440F7A7FB1AF14312F04053BD991A72B9E7749801C785
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9cad8a0c592c298f5c62e05876f00a0291b6109f08749c085214f23ad92da5e5
                                                • Instruction ID: 1dcc04b5a287ced63913e2307b4e678e07995cff0c038186287e2d20fa8a2dc1
                                                • Opcode Fuzzy Hash: 9cad8a0c592c298f5c62e05876f00a0291b6109f08749c085214f23ad92da5e5
                                                • Instruction Fuzzy Hash: E0F0E270A0420AABCB00EBA9E845E6E77B4EF68300F10019EE916EB3A1EA34D901C754
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cea6cd03006aaeca42beb164618937537671c61e723684766d970bbbcbe4ecda
                                                • Instruction ID: c707e7adba3e2458d05f76c8f9a4043bd6d1b2c4da25f52f5ce320e970a785df
                                                • Opcode Fuzzy Hash: cea6cd03006aaeca42beb164618937537671c61e723684766d970bbbcbe4ecda
                                                • Instruction Fuzzy Hash: A2F0BE3A9216958FD7B2DB9CC1D4B23B7D8AF00778F04446AE80587A33C734E944C640
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d3caa7e68fb0d26ecbff6bf9d75c93cf5bb22ac6ac3639747a14eccd6e3e5ffd
                                                • Instruction ID: e903b31a8013c39672a5ab2d4afe7247eebee2aa6972d4a3dd9c9c12f93e189d
                                                • Opcode Fuzzy Hash: d3caa7e68fb0d26ecbff6bf9d75c93cf5bb22ac6ac3639747a14eccd6e3e5ffd
                                                • Instruction Fuzzy Hash: 06F08272911699AFE732D71CC144B23BBD89B01A75F25406BE90587A63C738D888C6A0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d13a1873c345cf6ed03c315570e57d676687dec3a4b1b2411516d1e9134b4189
                                                • Instruction ID: a4995d6f1c0ceed5774a3a9857b994e89e538af3d8a877e81e6142a578217236
                                                • Opcode Fuzzy Hash: d13a1873c345cf6ed03c315570e57d676687dec3a4b1b2411516d1e9134b4189
                                                • Instruction Fuzzy Hash: 37E09272A01422ABD2219A19AC00F67739DDBE4655F19443AEA04C7634D638DD42C7E0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                • Instruction ID: 093272563e4e1453723bf2255dd439cc3e86ad68755dfb8dc51526446c70fc04
                                                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                • Instruction Fuzzy Hash: 61E0D833A40118FBDB2196D99E05F5ABFBDDB54A60F04015AFE04D7160D5749D40C2D0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                                • Instruction ID: d33ad3805e4400f0947d4b27baceb1aec7b279fc646a3b5e136360ac46eeeb1a
                                                • Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                                • Instruction Fuzzy Hash: A2E02B31200146D3DF32AA48D504BB6B3A9AF91708F08803AE6068F552D6B4DC41C3D0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eedcc2bb73644968fca7bd46e163552d34b10f616ab665401d84dbc1fd288312
                                                • Instruction ID: 729177c37b21f5e6a001fd74a5d81d9a952cb8c094c9b2cb03093800b50b0809
                                                • Opcode Fuzzy Hash: eedcc2bb73644968fca7bd46e163552d34b10f616ab665401d84dbc1fd288312
                                                • Instruction Fuzzy Hash: A2F0E5B65542A4EFEF22DB6DD044B23BBDC9B0467CF08446BD50587672C774D880C261
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
                                                • Instruction ID: fa9033e851d2e229f851364bc743c925c6de2fa8cd61ae51a7feb208e9d5b908
                                                • Opcode Fuzzy Hash: 315252d8d3e5e1fdd0d3f6bd8f50884039f61c830c14d95a10b54c942d48fd22
                                                • Instruction Fuzzy Hash: EFE0DF71140248AFFB10DB06C444F263FB9ABE8B38F00C11AA609CF1B2C770D880CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e7e21de7e1e1d3488412cc2f000492246891558fb53d1feed5187dc4a2f92e23
                                                • Instruction ID: 46154b3e3448aed5020a03302c5d7dca3cb56c0ed76a70f0348658e87f0ec4a0
                                                • Opcode Fuzzy Hash: e7e21de7e1e1d3488412cc2f000492246891558fb53d1feed5187dc4a2f92e23
                                                • Instruction Fuzzy Hash: 6DE0D8B110D2049FD737D75BE060F163B989B52629F19403FF00847AA2C671D885C295
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62516d0300ae7e8a9cac9db05ed3e147c549c9c20c0e21c0a5a280435d719578
                                                • Instruction ID: 0f87cb4fbb69ab9287e83e80bc15d7fd3f49690604ab60b446996356e9596b01
                                                • Opcode Fuzzy Hash: 62516d0300ae7e8a9cac9db05ed3e147c549c9c20c0e21c0a5a280435d719578
                                                • Instruction Fuzzy Hash: 5EF01EB88A0703CFDFB1EFAA9A04708B6E4F764361F10412FA0008B2BAC73454A4CF01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                • Instruction ID: 3085ef76796158bdf95f79f6fe60de39b1b9325c0aff11d1ab3c66dbb74bf4f1
                                                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                • Instruction Fuzzy Hash: DBE0C231280205BBDB226E88CC00FA97B16DF70BA1F114036FE085ABB0C671AC91D7C4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                                                • Instruction ID: cd9cd98f1aa556c5441a3d4a93f360e824455fd2c8f18aef7024e1b2a0219cbb
                                                • Opcode Fuzzy Hash: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                                                • Instruction Fuzzy Hash: 12E08C32040A10EFDB326A29EC00F537AA5BB64715F10042EE281065F88AB49881CA40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c22ec41e066a74c6a6ce715775dcca35d1d218bc10a072054a2b8babbfac8a44
                                                • Instruction ID: aa98885f5bf435cc20dd7509ba8c9357de9b994b680719216d7a52827afc1947
                                                • Opcode Fuzzy Hash: c22ec41e066a74c6a6ce715775dcca35d1d218bc10a072054a2b8babbfac8a44
                                                • Instruction Fuzzy Hash: D8D02EB12A10001AC72EA7009A18B313693F7B4772F3A080FF2030BDB9EB70C8D4C208
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                • Instruction ID: bb122f6d946850a4eff5d0f6b2c6adefe4b119a4b63a47a2824d9b557044760a
                                                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                • Instruction Fuzzy Hash: 0DE08C319006809BDF13EB5AC650F8EBBF5FB54B00F140419A0086F770C634AC00CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                • Instruction ID: d6e3deefbfcf1d1fd3ca187a841b2d078499a9af954869a7017e1ece1e626f19
                                                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                • Instruction Fuzzy Hash: 73D0E935352A80CFD757CB5DC554B1677A4BB45B44FD505A1E901CB762E63CD984CA00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                • Instruction ID: 444bc7f8ccb6ffb1da83f19a002ba3816e5a6eb60455a50665389cb6e99435d0
                                                • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                • Instruction Fuzzy Hash: F0D0A731401191D9DB02EF14C1147693773BB14204FD810EBC0490557AC33D49DBC600
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                • Instruction ID: 3a476ed074a28817f7082e3f3fd628f63815f516f05f4512bcf6771d95e84c0a
                                                • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                • Instruction Fuzzy Hash: 11C08C70280A01AAEB221F20CD01F003BA1BB20B09F4804A46300DA4F4DB7CDC01E600
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                • Instruction ID: e51b800de859e98affcfaf77bbfda5bac2154e72c99b9d2ec1647d726c17291a
                                                • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                • Instruction Fuzzy Hash: F4C08C33180248BBCB126F82CC00F067F2AFBA4B70F008015FA080B570C632E970EB84
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                • Instruction ID: 738cf1ae08b0a19d4201d2097af3afb2658030d128e36ba7dbe12934f4d30c69
                                                • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                • Instruction Fuzzy Hash: 7FC08C32080248BBC7126E42DC00F017B2AE7A0B60F040021B6080A9708636EC60D588
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                • Instruction ID: 9dd91d946648cef40a1223da53a0d2f61a4c73f41073875a3491b297fa5a93a9
                                                • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                • Instruction Fuzzy Hash: BFC08C32080248BBC7126A46CD00F017B29E7A0B60F000021B6140A6718932E860D588
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                                • Instruction ID: cf4a03b1592aa8b4370ebdeecb28d867ed744429d71b607d29274c8b9cad0b92
                                                • Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                                • Instruction Fuzzy Hash: FBC04C357115418FCF15CB2AC284F1677F4B754745F1508A1E805CB735D634E810CA51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                • Instruction ID: 3b968126c18da63a00750812d095c8162ab88b4d3dffa7a2dbf8ae1f50217a5a
                                                • Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                • Instruction Fuzzy Hash: 46C09B1F5656C54DCD278F3443127D5BF60D7529D0F5D14D2D4D11F623C1244513D665
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                • Instruction ID: 2c668f102ad69573629a0bea211ddfeca18ae17bdeae3111a47976ab5b6580f8
                                                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                • Instruction Fuzzy Hash: CEB092353019408FCE16DF18C080B1633F4BB48A40B8440D0E400CBA21D229E8008900
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • Execute=1, xrefs: 0145057D
                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 014504BF
                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01450566
                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 0145058F
                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 014505F1
                                                • ExecuteOptions, xrefs: 0145050A
                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 014505AC
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                • API String ID: 0-484625025
                                                • Opcode ID: 59b2e76a2c15aa9131d674d51ebf4a8ad85f7e8fd1085c5071f04615dd2649b7
                                                • Instruction ID: 62aeb8a393b3ebd364ba499e3468bf3079e3570c5410a6be39fb4d4b1e84bfba
                                                • Opcode Fuzzy Hash: 59b2e76a2c15aa9131d674d51ebf4a8ad85f7e8fd1085c5071f04615dd2649b7
                                                • Instruction Fuzzy Hash: D7610A31700219BAEF20EA55EC85FAB77B9EF68318F0401AEE705A7291D7709A45CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0148FDFA
                                                Strings
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0148FE01
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0148FE2B
                                                Memory Dump Source
                                                • Source File: 00000018.00000002.544693729.00000000013D0000.00000040.00000001.sdmp, Offset: 013D0000, based on PE: true
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                • API String ID: 885266447-3903918235
                                                • Opcode ID: 7abe63bf50938fb133f0c8b33971b50dfbb55fdb3b686abe1f8910dc79382604
                                                • Instruction ID: aafab59723e0f885f65a3e31fbb9c0814ec5700ca4456293b88b7349464e71b9
                                                • Opcode Fuzzy Hash: 7abe63bf50938fb133f0c8b33971b50dfbb55fdb3b686abe1f8910dc79382604
                                                • Instruction Fuzzy Hash: 5EF0FC321002017FDB202A46DC06F377F5ADB54730F14431AF614555E1DA72F87086F0
                                                Uniqueness

                                                Uniqueness Score: -1.00%